author | Matus Fabian <matfabia@cisco.com> | 2017-08-21 07:05:03 -0700 |
---|---|---|
committer | Ole Trøan <otroan@employees.org> | 2017-08-23 07:42:10 +0000 |
commit | 2ba92e32e0197f676dd905e5edcb4ff3e1bec241 (patch) | |
tree | 4d5eba20eda422bde4e9218834e1b8662a43b001 | |
parent | cfc997ef3da9f406afe5caad99fc98a53aab7a77 (diff) |
NAT: Rename snat plugin to nat (VPP-955)
Change-Id: I30a7e3da7a4efc6038a91e27b48045d4b07e2764
Signed-off-by: Matus Fabian <matfabia@cisco.com>
-rw-r--r-- | src/configure.ac | 2 | ||||
-rw-r--r-- | src/examples/sample-plugin/sample_plugin_doc.md | 2 | ||||
-rw-r--r-- | src/plugins/Makefile.am | 4 | ||||
-rw-r--r-- | src/plugins/nat.am | 41 | ||||
-rw-r--r-- | src/plugins/nat/in2out.c (renamed from src/plugins/snat/in2out.c) | 144 | ||||
-rw-r--r-- | src/plugins/nat/nat.api (renamed from src/plugins/snat/snat.api) | 684 | ||||
-rw-r--r-- | src/plugins/nat/nat.c (renamed from src/plugins/snat/snat.c) | 190 | ||||
-rw-r--r-- | src/plugins/nat/nat.h (renamed from src/plugins/snat/snat.h) | 18 | ||||
-rw-r--r-- | src/plugins/nat/nat64.c (renamed from src/plugins/snat/nat64.c) | 4 | ||||
-rw-r--r-- | src/plugins/nat/nat64.h (renamed from src/plugins/snat/nat64.h) | 4 | ||||
-rw-r--r-- | src/plugins/nat/nat64_cli.c (renamed from src/plugins/snat/nat64_cli.c) | 4 | ||||
-rw-r--r-- | src/plugins/nat/nat64_db.c (renamed from src/plugins/snat/nat64_db.c) | 2 | ||||
-rw-r--r-- | src/plugins/nat/nat64_db.h (renamed from src/plugins/snat/nat64_db.h) | 2 | ||||
-rw-r--r-- | src/plugins/nat/nat64_doc.md (renamed from src/plugins/snat/nat64_doc.md) | 0 | ||||
-rw-r--r-- | src/plugins/nat/nat64_in2out.c (renamed from src/plugins/snat/nat64_in2out.c) | 2 | ||||
-rw-r--r-- | src/plugins/nat/nat64_out2in.c (renamed from src/plugins/snat/nat64_out2in.c) | 2 | ||||
-rw-r--r-- | src/plugins/nat/nat_all_api_h.h (renamed from src/plugins/snat/snat_all_api_h.h) | 4 | ||||
-rw-r--r-- | src/plugins/nat/nat_api.c (renamed from src/plugins/snat/snat_api.c) | 1311 | ||||
-rw-r--r-- | src/plugins/nat/nat_det.c (renamed from src/plugins/snat/snat_det.c) | 6 | ||||
-rw-r--r-- | src/plugins/nat/nat_det.h (renamed from src/plugins/snat/snat_det.h) | 12 | ||||
-rw-r--r-- | src/plugins/nat/nat_ipfix_logging.c (renamed from src/plugins/snat/snat_ipfix_logging.c) | 14 | ||||
-rw-r--r-- | src/plugins/nat/nat_ipfix_logging.h (renamed from src/plugins/snat/snat_ipfix_logging.h) | 10 | ||||
-rw-r--r-- | src/plugins/nat/nat_msg_enum.h (renamed from src/plugins/snat/snat_msg_enum.h) | 10 | ||||
-rw-r--r-- | src/plugins/nat/nat_test.c (renamed from src/plugins/snat/snat_test.c) | 14 | ||||
-rw-r--r-- | src/plugins/nat/out2in.c (renamed from src/plugins/snat/out2in.c) | 134 | ||||
-rw-r--r-- | src/plugins/snat.am | 41 | ||||
-rw-r--r-- | src/scripts/vnet/nat44 (renamed from src/scripts/vnet/snat) | 4 | ||||
-rw-r--r-- | src/scripts/vnet/nat44_det (renamed from src/scripts/vnet/snat_det) | 4 | ||||
-rw-r--r-- | src/scripts/vnet/nat44_static (renamed from src/scripts/vnet/snat_static) | 6 | ||||
-rw-r--r-- | src/scripts/vnet/nat44_static_with_port (renamed from src/scripts/vnet/snat_static_with_port) | 6 | ||||
-rw-r--r-- | src/vpp-api/java/Makefile.am | 26 | ||||
-rw-r--r-- | src/vpp-api/java/jvpp-nat/io/fd/vpp/jvpp/nat/examples/CallbackApiExample.java (renamed from src/vpp-api/java/jvpp-snat/io/fd/vpp/jvpp/snat/examples/CallbackApiExample.java) | 28 | ||||
-rw-r--r-- | src/vpp-api/java/jvpp-nat/io/fd/vpp/jvpp/nat/examples/Readme.txt | 1 | ||||
-rw-r--r-- | src/vpp-api/java/jvpp-nat/jvpp_nat.c (renamed from src/vpp-api/java/jvpp-snat/jvpp_snat.c) | 22 | ||||
-rw-r--r-- | src/vpp-api/java/jvpp-nat/jvpp_nat.h (renamed from src/vpp-api/java/jvpp-snat/jvpp_snat.h) | 12 | ||||
-rw-r--r-- | src/vpp-api/java/jvpp-snat/io/fd/vpp/jvpp/snat/examples/Readme.txt | 1 | ||||
-rw-r--r-- | test/test_nat.py (renamed from test/test_snat.py) | 874 | ||||
-rw-r--r-- | test/vpp_papi_provider.py | 187 |
38 files changed, 2861 insertions, 971 deletions
diff --git a/src/configure.ac b/src/configure.ac index 7a038c2e..4c2d3b47 100644 --- a/src/configure.ac +++ b/src/configure.ac @@ -169,7 +169,7 @@ PLUGIN_ENABLED(lb) PLUGIN_ENABLED(memif) PLUGIN_ENABLED(pppoe) PLUGIN_ENABLED(sixrd) -PLUGIN_ENABLED(snat) +PLUGIN_ENABLED(nat) ############################################################################### # Dependency checks diff --git a/src/examples/sample-plugin/sample_plugin_doc.md b/src/examples/sample-plugin/sample_plugin_doc.md index 9348094c..501a8dca 100644 --- a/src/examples/sample-plugin/sample_plugin_doc.md +++ b/src/examples/sample-plugin/sample_plugin_doc.md @@ -29,7 +29,7 @@ Now run VPP and make sure the plugin is loaded. ... load_one_plugin:184: Loaded plugin: memif_plugin.so (Packet Memory Interface (experimetal)) load_one_plugin:184: Loaded plugin: sample_plugin.so (Sample of VPP Plugin) - load_one_plugin:184: Loaded plugin: snat_plugin.so (Network Address Translation) + load_one_plugin:184: Loaded plugin: nat_plugin.so (Network Address Translation) ... DBGvpp# diff --git a/src/plugins/Makefile.am b/src/plugins/Makefile.am index 8c7b3fac..205bfe6d 100644 --- a/src/plugins/Makefile.am +++ b/src/plugins/Makefile.am @@ -74,8 +74,8 @@ if ENABLE_SIXRD_PLUGIN include sixrd.am endif -if ENABLE_SNAT_PLUGIN -include snat.am +if ENABLE_NAT_PLUGIN +include nat.am endif include ../suffix-rules.mk diff --git a/src/plugins/nat.am b/src/plugins/nat.am new file mode 100644 index 00000000..b967a716 --- /dev/null +++ b/src/plugins/nat.am 
@@ -0,0 +1,41 @@ + +# Copyright (c) <current-year> <your-organization> +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +vppapitestplugins_LTLIBRARIES += nat_test_plugin.la +vppplugins_LTLIBRARIES += nat_plugin.la + +nat_plugin_la_SOURCES = nat/nat.c \ + nat/nat_api.c \ + nat/in2out.c \ + nat/out2in.c \ + nat/nat_plugin.api.h \ + nat/nat_ipfix_logging.c \ + nat/nat_det.c \ + nat/nat64.c \ + nat/nat64_cli.c \ + nat/nat64_in2out.c \ + nat/nat64_out2in.c \ + nat/nat64_db.c + +API_FILES += nat/nat.api + +nobase_apiinclude_HEADERS += \ + nat/nat_all_api_h.h \ + nat/nat_msg_enum.h \ + nat/nat.api.h + +nat_test_plugin_la_SOURCES = \ + nat/nat_test.c nat/nat_plugin.api.h + +# vi:syntax=automake diff --git a/src/plugins/snat/in2out.c b/src/plugins/nat/in2out.c index abe0d9db..62a11170 100644 --- a/src/plugins/snat/in2out.c +++ b/src/plugins/nat/in2out.c @@ -21,9 +21,9 @@ #include <vnet/ip/ip.h> #include <vnet/ethernet/ethernet.h> #include <vnet/fib/ip4_fib.h> -#include <snat/snat.h> -#include <snat/snat_ipfix_logging.h> -#include <snat/snat_det.h> +#include <nat/nat.h> +#include <nat/nat_ipfix_logging.h> +#include <nat/nat_det.h> #include <vppinfra/hash.h> #include <vppinfra/error.h> 
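Review bot: The licence header of the new `nat.am` (hunk `@@ -0,0 +1,41 @@`) still carries the unfilled template line `# Copyright (c) <current-year> <your-organization>`, so the file ships without a real year or copyright holder; it should be replaced with the actual values in the form `# Copyright (c) YEAR HOLDER`. Separately, `nat_plugin_la_SOURCES` and `nat_test_plugin_la_SOURCES` list `nat/nat_plugin.api.h`, while `API_FILES` and `nobase_apiinclude_HEADERS` in the same hunk use `nat/nat.api` and `nat/nat.api.h`. If no `nat_plugin.api.h` is actually generated, those two entries should probably read `nat/nat.api.h`.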
@@ -49,8 +49,8 @@ static u8 * format_snat_in2out_trace (u8 * s, va_list * args) snat_in2out_trace_t * t = va_arg (*args, snat_in2out_trace_t *); char * tag; - tag = t->is_slow_path ? "SNAT_IN2OUT_SLOW_PATH" : "SNAT_IN2OUT_FAST_PATH"; - + tag = t->is_slow_path ? "NAT44_IN2OUT_SLOW_PATH" : "NAT44_IN2OUT_FAST_PATH"; + s = format (s, "%s: sw_if_index %d, next index %d, session %d", tag, t->sw_if_index, t->next_index, t->session_index); @@ -63,7 +63,7 @@ static u8 * format_snat_in2out_fast_trace (u8 * s, va_list * args) CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *); snat_in2out_trace_t * t = va_arg (*args, snat_in2out_trace_t *); - s = format (s, "SANT_IN2OUT_FAST: sw_if_index %d, next index %d", + s = format (s, "NAT44_IN2OUT_FAST: sw_if_index %d, next index %d", t->sw_if_index, t->next_index); return s; @@ -78,7 +78,7 @@ static u8 * format_snat_in2out_worker_handoff_trace (u8 * s, va_list * args) char * m; m = t->do_handoff ? "next worker" : "same worker"; - s = format (s, "SNAT_IN2OUT_WORKER_HANDOFF: %s %d", m, t->next_worker_index); + s = format (s, "NAT44_IN2OUT_WORKER_HANDOFF: %s %d", m, t->next_worker_index); return s; } @@ -102,7 +102,7 @@ _(OUT_OF_PORTS, "Out of ports") \ _(BAD_OUTSIDE_FIB, "Outside VRF ID not found") \ _(BAD_ICMP_TYPE, "unsupported ICMP type") \ _(NO_TRANSLATION, "No translation") - + typedef enum { #define _(sym,str) SNAT_IN2OUT_ERROR_##sym, foreach_snat_in2out_error @@ -138,11 +138,11 @@ typedef enum { * Packets aimed at outside interface and external addresss with active session * should be translated. * - * @param sm SNAT main - * @param rt SNAT runtime data + * @param sm NAT main + * @param rt NAT runtime data * @param sw_if_index0 index of the inside interface * @param ip0 IPv4 header - * @param proto0 SNAT protocol + * @param proto0 NAT protocol * @param rx_fib_index0 RX FIB index * * @returns 0 if packet should be translated otherwise 1 
@@ -254,7 +254,7 @@ static u32 slow_path (snat_main_t *sm, vlib_buffer_t *b0, user_key.addr = ip0->src_address; user_key.fib_index = rx_fib_index0; kv0.key = user_key.as_u64; - + /* Ever heard of the "user" = src ip4 address before? */ if (clib_bihash_search_8_8 (&sm->user_hash, &kv0, &value0)) { @@ -387,7 +387,7 @@ static u32 slow_path (snat_main_t *sm, vlib_buffer_t *b0, /* Create a new session */ pool_get (sm->per_thread_data[thread_index].sessions, s); memset (s, 0, sizeof (*s)); - + s->outside_address_index = address_index; if (static_mapping) @@ -418,7 +418,7 @@ static u32 slow_path (snat_main_t *sm, vlib_buffer_t *b0, per_user_translation_list_elt - sm->per_thread_data[thread_index].list_pool); } - + s->in2out = *key0; s->out2in = key1; s->out2in.protocol = key0->protocol; @@ -431,10 +431,10 @@ static u32 slow_path (snat_main_t *sm, vlib_buffer_t *b0, kv0.value = s - sm->per_thread_data[thread_index].sessions; if (clib_bihash_add_del_8_8 (&sm->in2out, &kv0, 1 /* is_add */)) clib_warning ("in2out key add failed"); - + kv0.key = s->out2in.as_u64; kv0.value = s - sm->per_thread_data[thread_index].sessions; - + if (clib_bihash_add_del_8_8 (&sm->out2in, &kv0, 1 /* is_add */)) clib_warning ("out2in key add failed"); @@ -502,11 +502,11 @@ snat_in2out_error_t icmp_get_key(ip4_header_t *ip0, } /** - * Get address and port values to be used for packet SNAT translation + * Get address and port values to be used for ICMP packet translation * and create session if needed * - * @param[in,out] sm SNAT main - * @param[in,out] node SNAT node runtime + * @param[in,out] sm NAT main + * @param[in,out] node NAT node runtime * @param[in] thread_index thread index * @param[in,out] b0 buffer containing packet to be translated * @param[out] p_proto protocol used for matching 
@@ -601,10 +601,10 @@ out: } /** - * Get address and port values to be used for packet SNAT translation + * Get address and port values to be used for ICMP packet translation * - * @param[in] sm SNAT main - * @param[in,out] node SNAT node runtime + * @param[in] sm NAT main + * @param[in,out] node NAT node runtime * @param[in] thread_index thread index * @param[in,out] b0 buffer containing packet to be translated * @param[out] p_proto protocol used for matching @@ -732,7 +732,7 @@ static inline u32 icmp_in2out (snat_main_t *sm, sum0 = ip_csum_update (sum0, old_addr0, new_addr0, ip4_header_t, src_address /* changed member */); ip0->checksum = ip_csum_fold (sum0); - + if (!icmp_is_error_message (icmp0)) { new_id0 = sm0.port; @@ -810,12 +810,12 @@ out: * communicate even if they only use each other's external IP addresses * and ports. * - * @param sm SNAT main. + * @param sm NAT main. * @param b0 Vlib buffer. * @param ip0 IP header. * @param udp0 UDP header. * @param tcp0 TCP header. - * @param proto0 SNAT protocol. + * @param proto0 NAT protocol. */ static inline void snat_hairpinning (snat_main_t *sm, @@ -1413,14 +1413,14 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, snat_session_t * s0 = 0, * s1 = 0; clib_bihash_kv_8_8_t kv0, value0, kv1, value1; u32 iph_offset0 = 0, iph_offset1 = 0; - + /* Prefetch next iteration. */ { vlib_buffer_t * p2, * p3; - + p2 = vlib_get_buffer (vm, from[2]); p3 = vlib_get_buffer (vm, from[3]); - + vlib_prefetch_buffer_header (p2, LOAD); vlib_prefetch_buffer_header (p3, LOAD); @@ -1435,7 +1435,7 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, to_next += 2; n_left_from -= 2; n_left_to_next -= 2; - + b0 = vlib_get_buffer (vm, bi0); b1 = vlib_get_buffer (vm, bi1); 
@@ -1450,7 +1450,7 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, icmp0 = (icmp46_header_t *) udp0; sw_if_index0 = vnet_buffer(b0)->sw_if_index[VLIB_RX]; - rx_fib_index0 = vec_elt (sm->ip4_main->fib_index_by_sw_if_index, + rx_fib_index0 = vec_elt (sm->ip4_main->fib_index_by_sw_if_index, sw_if_index0); next0 = next1 = SNAT_IN2OUT_NEXT_LOOKUP; @@ -1479,8 +1479,8 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, if (PREDICT_FALSE (proto0 == SNAT_PROTOCOL_ICMP)) { - next0 = icmp_in2out_slow_path - (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, + next0 = icmp_in2out_slow_path + (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node, next0, now, thread_index, &s0); goto trace00; } @@ -1498,7 +1498,7 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, key0.port = udp0->src_port; key0.protocol = proto0; key0.fib_index = rx_fib_index0; - + kv0.key = key0.as_u64; if (PREDICT_FALSE (clib_bihash_search_8_8 (&sm->in2out, &kv0, &value0) != 0)) @@ -1577,10 +1577,10 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, } trace00: - if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE) - && (b0->flags & VLIB_BUFFER_IS_TRACED))) + if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE) + && (b0->flags & VLIB_BUFFER_IS_TRACED))) { - snat_in2out_trace_t *t = + snat_in2out_trace_t *t = vlib_add_trace (vm, node, b0, sizeof (*t)); t->is_slow_path = is_slow_path; t->sw_if_index = sw_if_index0; @@ -1603,7 +1603,7 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, icmp1 = (icmp46_header_t *) udp1; sw_if_index1 = vnet_buffer(b1)->sw_if_index[VLIB_RX]; - rx_fib_index1 = vec_elt (sm->ip4_main->fib_index_by_sw_if_index, + rx_fib_index1 = vec_elt (sm->ip4_main->fib_index_by_sw_if_index, sw_if_index1); if (PREDICT_FALSE(ip1->ttl == 1)) 
@@ -1630,7 +1630,7 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, if (PREDICT_FALSE (proto1 == SNAT_PROTOCOL_ICMP)) { - next1 = icmp_in2out_slow_path + next1 = icmp_in2out_slow_path (sm, b1, ip1, icmp1, sw_if_index1, rx_fib_index1, node, next1, now, thread_index, &s1); goto trace01; @@ -1649,7 +1649,7 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, key1.port = udp1->src_port; key1.protocol = proto1; key1.fib_index = rx_fib_index1; - + kv1.key = key1.as_u64; if (PREDICT_FALSE(clib_bihash_search_8_8 (&sm->in2out, &kv1, &value1) != 0)) @@ -1728,10 +1728,10 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, } trace01: - if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE) - && (b1->flags & VLIB_BUFFER_IS_TRACED))) + if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE) + && (b1->flags & VLIB_BUFFER_IS_TRACED))) { - snat_in2out_trace_t *t = + snat_in2out_trace_t *t = vlib_add_trace (vm, node, b1, sizeof (*t)); t->sw_if_index = sw_if_index1; t->next_index = next1; @@ -1790,7 +1790,7 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, icmp0 = (icmp46_header_t *) udp0; sw_if_index0 = vnet_buffer(b0)->sw_if_index[VLIB_RX]; - rx_fib_index0 = vec_elt (sm->ip4_main->fib_index_by_sw_if_index, + rx_fib_index0 = vec_elt (sm->ip4_main->fib_index_by_sw_if_index, sw_if_index0); if (PREDICT_FALSE(ip0->ttl == 1)) @@ -1817,7 +1817,7 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, if (PREDICT_FALSE (proto0 == SNAT_PROTOCOL_ICMP)) { - next0 = icmp_in2out_slow_path + next0 = icmp_in2out_slow_path (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node, next0, now, thread_index, &s0); goto trace0; @@ -1836,7 +1836,7 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, key0.port = udp0->src_port; key0.protocol = proto0; key0.fib_index = rx_fib_index0; - + kv0.key = key0.as_u64; if (clib_bihash_search_8_8 (&sm->in2out, &kv0, &value0)) 
@@ -1916,10 +1916,10 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, } trace0: - if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE) - && (b0->flags & VLIB_BUFFER_IS_TRACED))) + if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE) + && (b0->flags & VLIB_BUFFER_IS_TRACED))) { - snat_in2out_trace_t *t = + snat_in2out_trace_t *t = vlib_add_trace (vm, node, b0, sizeof (*t)); t->is_slow_path = is_slow_path; t->sw_if_index = sw_if_index0; @@ -1940,8 +1940,8 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, vlib_put_next_frame (vm, node, next_index, n_left_to_next); } - vlib_node_increment_counter (vm, stats_node_index, - SNAT_IN2OUT_ERROR_IN2OUT_PACKETS, + vlib_node_increment_counter (vm, stats_node_index, + SNAT_IN2OUT_ERROR_IN2OUT_PACKETS, pkts_processed); return frame->n_vectors; } @@ -1956,7 +1956,7 @@ snat_in2out_fast_path_fn (vlib_main_t * vm, VLIB_REGISTER_NODE (snat_in2out_node) = { .function = snat_in2out_fast_path_fn, - .name = "snat-in2out", + .name = "nat44-in2out", .vector_size = sizeof (u32), .format_trace = format_snat_in2out_trace, .type = VLIB_NODE_TYPE_INTERNAL, @@ -1972,7 +1972,7 @@ VLIB_REGISTER_NODE (snat_in2out_node) = { .next_nodes = { [SNAT_IN2OUT_NEXT_DROP] = "error-drop", [SNAT_IN2OUT_NEXT_LOOKUP] = "ip4-lookup", - [SNAT_IN2OUT_NEXT_SLOW_PATH] = "snat-in2out-slowpath", + [SNAT_IN2OUT_NEXT_SLOW_PATH] = "nat44-in2out-slowpath", [SNAT_IN2OUT_NEXT_ICMP_ERROR] = "ip4-icmp-error", }, }; @@ -1989,7 +1989,7 @@ snat_in2out_output_fast_path_fn (vlib_main_t * vm, VLIB_REGISTER_NODE (snat_in2out_output_node) = { .function = snat_in2out_output_fast_path_fn, - .name = "snat-in2out-output", + .name = "nat44-in2out-output", .vector_size = sizeof (u32), .format_trace = format_snat_in2out_trace, .type = VLIB_NODE_TYPE_INTERNAL, 
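Review bot: The graph node names changed in the `@@ -1956,7 +1956,7 @@` hunk (`.name = "nat44-in2out"` and the `"nat44-in2out-slowpath"` next-node entry) are plain strings, so nothing at compile time catches a place that still says `snat-in2out`; the same holds for the renames in the following hunks (`nat44-in2out-output`, `nat44-det-in2out`, the worker-handoff, hairpin and fast nodes). A feature registration or by-name lookup elsewhere in the plugin that keeps an old string would presumably fail only when the plugin loads or the feature is enabled, so the tree should be searched for remaining `"snat-` literals as part of this change. The C identifiers (`snat_in2out_node`, `SNAT_IN2OUT_NEXT_*`) keep the old prefix; a one-line comment such as `/* node names use nat44-*, symbols keep the snat_ prefix for now */` at the first registration would make that split explicit. The registration blocks extend outside the hunks shown.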
@@ -2005,7 +2005,7 @@ VLIB_REGISTER_NODE (snat_in2out_output_node) = { .next_nodes = { [SNAT_IN2OUT_NEXT_DROP] = "error-drop", [SNAT_IN2OUT_NEXT_LOOKUP] = "interface-output", - [SNAT_IN2OUT_NEXT_SLOW_PATH] = "snat-in2out-output-slowpath", + [SNAT_IN2OUT_NEXT_SLOW_PATH] = "nat44-in2out-output-slowpath", [SNAT_IN2OUT_NEXT_ICMP_ERROR] = "ip4-icmp-error", }, }; @@ -2023,7 +2023,7 @@ snat_in2out_slow_path_fn (vlib_main_t * vm, VLIB_REGISTER_NODE (snat_in2out_slowpath_node) = { .function = snat_in2out_slow_path_fn, - .name = "snat-in2out-slowpath", + .name = "nat44-in2out-slowpath", .vector_size = sizeof (u32), .format_trace = format_snat_in2out_trace, .type = VLIB_NODE_TYPE_INTERNAL, @@ -2039,7 +2039,7 @@ VLIB_REGISTER_NODE (snat_in2out_slowpath_node) = { .next_nodes = { [SNAT_IN2OUT_NEXT_DROP] = "error-drop", [SNAT_IN2OUT_NEXT_LOOKUP] = "ip4-lookup", - [SNAT_IN2OUT_NEXT_SLOW_PATH] = "snat-in2out-slowpath", + [SNAT_IN2OUT_NEXT_SLOW_PATH] = "nat44-in2out-slowpath", [SNAT_IN2OUT_NEXT_ICMP_ERROR] = "ip4-icmp-error", }, }; @@ -2057,7 +2057,7 @@ snat_in2out_output_slow_path_fn (vlib_main_t * vm, VLIB_REGISTER_NODE (snat_in2out_output_slowpath_node) = { .function = snat_in2out_output_slow_path_fn, - .name = "snat-in2out-output-slowpath", + .name = "nat44-in2out-output-slowpath", .vector_size = sizeof (u32), .format_trace = format_snat_in2out_trace, .type = VLIB_NODE_TYPE_INTERNAL, @@ -2073,7 +2073,7 @@ VLIB_REGISTER_NODE (snat_in2out_output_slowpath_node) = { .next_nodes = { [SNAT_IN2OUT_NEXT_DROP] = "error-drop", [SNAT_IN2OUT_NEXT_LOOKUP] = "interface-output", - [SNAT_IN2OUT_NEXT_SLOW_PATH] = "snat-in2out-output-slowpath", + [SNAT_IN2OUT_NEXT_SLOW_PATH] = "nat44-in2out-output-slowpath", [SNAT_IN2OUT_NEXT_ICMP_ERROR] = "ip4-icmp-error", }, }; 
@@ -2658,7 +2658,7 @@ snat_det_in2out_node_fn (vlib_main_t * vm, VLIB_REGISTER_NODE (snat_det_in2out_node) = { .function = snat_det_in2out_node_fn, - .name = "snat-det-in2out", + .name = "nat44-det-in2out", .vector_size = sizeof (u32), .format_trace = format_snat_in2out_trace, .type = VLIB_NODE_TYPE_INTERNAL, @@ -2681,11 +2681,11 @@ VLIB_REGISTER_NODE (snat_det_in2out_node) = { VLIB_NODE_FUNCTION_MULTIARCH (snat_det_in2out_node, snat_det_in2out_node_fn); /** - * Get address and port values to be used for packet SNAT translation + * Get address and port values to be used for ICMP packet translation * and create session if needed * - * @param[in,out] sm SNAT main - * @param[in,out] node SNAT node runtime + * @param[in,out] sm NAT main + * @param[in,out] node NAT node runtime * @param[in] thread_index thread index * @param[in,out] b0 buffer containing packet to be translated * @param[out] p_proto protocol used for matching @@ -3009,7 +3009,7 @@ snat_in2out_worker_handoff_fn (vlib_main_t * vm, VLIB_REGISTER_NODE (snat_in2out_worker_handoff_node) = { .function = snat_in2out_worker_handoff_fn, - .name = "snat-in2out-worker-handoff", + .name = "nat44-in2out-worker-handoff", .vector_size = sizeof (u32), .format_trace = format_snat_in2out_worker_handoff_trace, .type = VLIB_NODE_TYPE_INTERNAL, @@ -3034,7 +3034,7 @@ snat_in2out_output_worker_handoff_fn (vlib_main_t * vm, VLIB_REGISTER_NODE (snat_in2out_output_worker_handoff_node) = { .function = snat_in2out_output_worker_handoff_fn, - .name = "snat-in2out-output-worker-handoff", + .name = "nat44-in2out-output-worker-handoff", .vector_size = sizeof (u32), .format_trace = format_snat_in2out_worker_handoff_trace, .type = VLIB_NODE_TYPE_INTERNAL, 
@@ -3160,7 +3160,7 @@ snat_hairpin_dst_fn (vlib_main_t * vm, VLIB_REGISTER_NODE (snat_hairpin_dst_node) = { .function = snat_hairpin_dst_fn, - .name = "snat-hairpin-dst", + .name = "nat44-hairpin-dst", .vector_size = sizeof (u32), .type = VLIB_NODE_TYPE_INTERNAL, .n_errors = ARRAY_LEN(snat_in2out_error_strings), @@ -3240,7 +3240,7 @@ snat_hairpin_src_fn (vlib_main_t * vm, VLIB_REGISTER_NODE (snat_hairpin_src_node) = { .function = snat_hairpin_src_fn, - .name = "snat-hairpin-src", + .name = "nat44-hairpin-src", .vector_size = sizeof (u32), .type = VLIB_NODE_TYPE_INTERNAL, .n_errors = ARRAY_LEN(snat_in2out_error_strings), @@ -3248,9 +3248,9 @@ VLIB_REGISTER_NODE (snat_hairpin_src_node) = { .n_next_nodes = SNAT_HAIRPIN_SRC_N_NEXT, .next_nodes = { [SNAT_HAIRPIN_SRC_NEXT_DROP] = "error-drop", - [SNAT_HAIRPIN_SRC_NEXT_SNAT_IN2OUT] = "snat-in2out-output", + [SNAT_HAIRPIN_SRC_NEXT_SNAT_IN2OUT] = "nat44-in2out-output", [SNAT_HAIRPIN_SRC_NEXT_INTERFACE_OUTPUT] = "interface-output", - [SNAT_HAIRPIN_SRC_NEXT_SNAT_IN2OUT_WH] = "snat-in2out-output-worker-handoff", + [SNAT_HAIRPIN_SRC_NEXT_SNAT_IN2OUT_WH] = "nat44-in2out-output-worker-handoff", }, }; @@ -3430,23 +3430,23 @@ snat_in2out_fast_static_map_fn (vlib_main_t * vm, VLIB_REGISTER_NODE (snat_in2out_fast_node) = { .function = snat_in2out_fast_static_map_fn, - .name = "snat-in2out-fast", + .name = "nat44-in2out-fast", .vector_size = sizeof (u32), .format_trace = format_snat_in2out_fast_trace, .type = VLIB_NODE_TYPE_INTERNAL, - + .n_errors = ARRAY_LEN(snat_in2out_error_strings), .error_strings = snat_in2out_error_strings, .runtime_data_bytes = sizeof (snat_runtime_t), - + .n_next_nodes = SNAT_IN2OUT_N_NEXT, /* edit / add dispositions here */ .next_nodes = { [SNAT_IN2OUT_NEXT_DROP] = "error-drop", [SNAT_IN2OUT_NEXT_LOOKUP] = "ip4-lookup", - [SNAT_IN2OUT_NEXT_SLOW_PATH] = "snat-in2out-slowpath", + [SNAT_IN2OUT_NEXT_SLOW_PATH] = "nat44-in2out-slowpath", [SNAT_IN2OUT_NEXT_ICMP_ERROR] = "ip4-icmp-error", }, }; 
diff --git a/src/plugins/snat/snat.api b/src/plugins/nat/nat.api index 3c493dda..7245cb07 100644 --- a/src/plugins/snat/snat.api +++ b/src/plugins/nat/nat.api @@ -13,14 +13,18 @@ * limitations under the License. */ /** - * @file snat.api + * @file nat.api * @brief VPP control-plane API messages. * * This file defines VPP control-plane API messages which are generally * called through a shared memory interface. */ -/** \brief Add/del S-NAT address range +/* + * Old "snat" APIs, will be deprecated after 17.10 + */ + +/** \brief Add/del NAT44 address range @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request @param is_ip4 - 1 if address type is IPv4 @@ -39,7 +43,7 @@ autoreply define snat_add_address_range { u8 is_add; }; -/** \brief Dump S-NAT addresses +/** \brief Dump NAT44 addresses @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request */ @@ -48,7 +52,7 @@ define snat_address_dump { u32 context; }; -/** \brief S-NAT address details response +/** \brief NAT44 address details response @param context - sender context, to match reply w/ request @param is_ip4 - 1 if address type is IPv4 @param ip_address - IP address @@ -61,7 +65,7 @@ define snat_address_details { u32 vrf_id; }; -/** \brief Enable/disable S-NAT feature on the interface +/** \brief Enable/disable NAT44 feature on the interface @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request @param is_add - 1 if add, 0 if delete @@ -76,7 +80,7 @@ autoreply define snat_interface_add_del_feature { u32 sw_if_index; }; -/** \brief Dump interfaces with S-NAT feature +/** \brief Dump interfaces with NAT44 feature @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request */ 
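Review bot: The deprecation of the old messages is recorded only in the free-standing block comment `Old "snat" APIs, will be deprecated after 17.10` added in the `@@ -13,14 +13,18 @@` hunk, while each `snat_*` message's `\brief` is merely reworded to NAT44/NAT. Someone reading the documentation of a single message, for example `snat_add_address_range`, gets no hint that it is being retired or which new message replaces it. Each old message's doc comment could carry a line such as `@note Deprecated after 17.10, use the corresponding new NAT plugin message`, naming the real replacement where one exists.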
@@ -85,7 +89,7 @@ define snat_interface_dump { u32 context; }; -/** \brief S-NAT interface details response +/** \brief NAT44 interface details response @param context - sender context, to match reply w/ request @param is_inside - 1 if inside, 0 if outside @param sw_if_index - software index of the interface @@ -96,7 +100,7 @@ define snat_interface_details { u32 sw_if_index; }; -/** \brief Enable/disbale S-NAT as an interface output feature (postrouting +/** \brief Enable/disbale NAT44 as an interface output feature (postrouting in2out translation) @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request @@ -112,7 +116,7 @@ autoreply define snat_interface_add_del_output_feature { u32 sw_if_index; }; -/** \brief Dump interfaces with S-NAT output feature +/** \brief Dump interfaces with NAT44 output feature @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request */ @@ -121,7 +125,7 @@ define snat_interface_output_feature_dump { u32 context; }; -/** \brief S-NAT interface with output feature details response +/** \brief NAT44 interface with output feature details response @param context - sender context, to match reply w/ request @param is_inside - 1 if inside, 0 if outside @param sw_if_index - software index of the interface @@ -132,7 +136,7 @@ define snat_interface_output_feature_details { u32 sw_if_index; }; -/** \brief Add/delete S-NAT static mapping +/** \brief Add/delete NAT44 static mapping @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request @param is_add - 1 if add, 0 if delete @@ -163,7 +167,7 @@ autoreply define snat_add_static_mapping { u32 vrf_id; }; -/** \brief Dump S-NAT static mappings +/** \brief Dump NAT44 static mappings @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request */ 
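Review bot: Three `\brief` lines that this commit rewrites still contain spelling errors that end up in the generated API documentation: `Enable/disbale NAT44 as an interface output feature` in the `@@ -96,7 +100,7 @@` hunk, `specific interfce` in the `@@ -294,7 +298,7 @@` hunk, and the newly introduced `Dump determinstic NAT sessions` in the `@@ -602,7 +606,7 @@` hunk. Since these lines are being touched anyway, they should read `Enable/disable`, `interface` and `deterministic`.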
@@ -172,7 +176,7 @@ define snat_static_mapping_dump { u32 context; }; -/** \brief S-NAT static mapping details response +/** \brief NAT44 static mapping details response @param context - sender context, to match reply w/ request @param is_ip4 - 1 if address type is IPv4 @param addr_only - 1 if address only mapping @@ -221,7 +225,7 @@ define snat_control_ping_reply u32 vpe_pid; }; -/** \brief Show S-NAT plugin startup config +/** \brief Show NAT plugin startup config @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request */ @@ -231,7 +235,7 @@ define snat_show_config u32 context; }; -/** \brief Show S-NAT plugin startup config reply +/** \brief Show NAT plugin startup config reply @param context - sender context, to match reply w/ request @param retval - return code for the request @param static_mapping_only - if 1 dynamic translations disabled @@ -261,10 +265,10 @@ define snat_show_config_reply u32 inside_vrf_id; }; -/** \brief Set S-NAT workers +/** \brief Set NAT workers @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request - @param worker_mask - S-NAT workers mask + @param worker_mask - NAT workers mask */ autoreply define snat_set_workers { u32 client_index; @@ -272,7 +276,7 @@ autoreply define snat_set_workers { u64 worker_mask; }; -/** \brief Dump S-NAT workers +/** \brief Dump NAT workers @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request */ @@ -281,7 +285,7 @@ define snat_worker_dump { u32 context; }; -/** \brief S-NAT workers details response +/** \brief NAT workers details response @param context - sender context, to match reply w/ request @param worker_index - worker index @param lcore_id - lcore ID 
@@ -294,7 +298,7 @@ define snat_worker_details { u8 name[64]; }; -/** \brief Add/delete S-NAT pool address from specific interfce +/** \brief Add/delete NAT44 pool address from specific interfce @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request @param is_add - 1 if add, 0 if delete @@ -308,7 +312,7 @@ autoreply define snat_add_del_interface_addr { u32 sw_if_index; }; -/** \brief Dump S-NAT pool addresses interfaces +/** \brief Dump NAT44 pool addresses interfaces @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request */ @@ -317,7 +321,7 @@ define snat_interface_addr_dump { u32 context; }; -/** \brief S-NAT pool addresses interfaces details response +/** \brief NAT44 pool addresses interfaces details response @param context - sender context, to match reply w/ request @param sw_if_index - software index of the interface */ @@ -326,7 +330,7 @@ define snat_interface_addr_details { u32 sw_if_index; }; -/** \brief Enable/disable S-NAT IPFIX logging +/** \brief Enable/disable NAT IPFIX logging @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request @param domain_id - observation domain ID @@ -341,7 +345,7 @@ autoreply define snat_ipfix_enable_disable { u8 enable; }; -/** \brief Dump S-NAT users +/** \brief Dump NAT44 users @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request */ @@ -350,7 +354,7 @@ define snat_user_dump { u32 context; }; -/** \brief S-NAT users response +/** \brief NAT44 users response @param context - sender context, to match reply w/ request @vrf_id - VRF ID @param is_ip4 - 1 if address type is IPv4 
@@ -367,7 +371,7 @@ define snat_user_details { u32 nstaticsessions; }; -/** \brief S-NAT user's sessions +/** \brief NAT44 user's sessions @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request @param is_ip4 - 1 if address type is IPv4 @@ -382,7 +386,7 @@ define snat_user_session_dump { u32 vrf_id; }; -/** \brief S-NAT user's sessions response +/** \brief NAT44 user's sessions response @param context - sender context, to match reply w/ request @param is_ip4 - 1 if address type is IPv4 @param outside_ip_address - outside IP address @@ -409,7 +413,7 @@ define snat_user_session_details { u32 total_pkts; }; -/** \brief Add/delete S-NAT deterministic mapping +/** \brief Add/delete NAT deterministic mapping @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request @param is_add - 1 if add, 0 if delete @@ -489,7 +493,7 @@ define snat_det_reverse_reply { u8 in_addr[16]; }; -/** \brief Dump S-NAT deterministic mappings +/** \brief Dump NAT deterministic mappings @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request */ @@ -498,7 +502,7 @@ define snat_det_map_dump { u32 context; }; -/** \brief S-NAT users response +/** \brief NAT users response @param context - sender context, to match reply w/ request @param is_ip4 - 1 if address type is IPv4 @param in_addr - inside IP address @@ -564,7 +568,7 @@ define snat_det_get_timeouts_reply { u32 icmp; }; -/** \brief Close CGNAT session by outside address and port +/** \brief Close deterministic NAT session by outside address and port @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request @param is_ip4 - 1 if address type is IPv4 
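Review bot: In the `@@ -498,7 +502,7 @@` hunk the doc comment that follows `snat_det_map_dump` is reworded to `NAT users response`, but its position and its parameters (`in_addr - inside IP address`) suggest it documents the deterministic-mapping details message, not users. The message definition itself lies outside the hunk, so this is inferred. If it is right, the brief should read something like `NAT deterministic mapping details response`, so that it cannot be confused with the `NAT44 users response` brief on `snat_user_details`.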
@@ -583,7 +587,7 @@ autoreply define snat_det_close_session_out { u16 ext_port; }; -/** \brief Close CGNAT session by inside address and port +/** \brief Close deterministic NAT session by inside address and port @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request @param is_ip4 - 1 if address type is IPv4 @@ -602,7 +606,7 @@ autoreply define snat_det_close_session_in { u16 ext_port; }; -/** \brief Dump S-NAT deterministic sessions +/** \brief Dump determinstic NAT sessions @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request @param is_ip4 - 1 if address type is IPv4 @@ -615,7 +619,7 @@ define snat_det_session_dump { u8 user_addr[16]; }; -/** \brief S-NAT deterministic sessions reply +/** \brief Deterministic NAT sessions reply @param context - sender context, to match reply w/ request @param is_ip4 - 1 if address type is IPv4 @param in_port - inside port 
@@ -637,6 +641,618 @@ define snat_det_session_details { u32 expire; }; +/* + * Common NAT plugin APIs + */ + +/** \brief Control ping from client to api server request + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat_control_ping +{ + u32 client_index; + u32 context; +}; + +/** \brief Control ping from the client to the server response + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param retval - return code for the request + @param vpe_pid - the pid of the vpe, returned by the server +*/ +define nat_control_ping_reply +{ + u32 context; + i32 retval; + u32 client_index; + u32 vpe_pid; +}; + +/** \brief Show NAT plugin startup config + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat_show_config +{ + u32 client_index; + u32 context; +}; + +/** \brief Show NAT plugin startup config reply + @param context - sender context, to match reply w/ request + @param retval - return code for the request + @param static_mapping_only - if 1 dynamic translations disabled + @param static_mapping_connection_tracking - if 1 create session data + @param deterministic - if 1 deterministic mapping + @param translation_buckets - number of translation hash buckets + @param translation_memory_size - translation hash memory size + @param user_buckets - number of user hash buckets + @param user_memory_size - user hash memory size + @param max_translations_per_user - maximum number of translations per user + @param outside_vrf_id - outside VRF id + @param inside_vrf_id - default inside VRF id +*/ +define nat_show_config_reply +{ + u32 context; + i32 retval; + u8 static_mapping_only; + u8 static_mapping_connection_tracking; + u8 deterministic; + u32 translation_buckets; + u32 translation_memory_size; + u32 user_buckets; + u32 user_memory_size; 
+ u32 max_translations_per_user; + u32 outside_vrf_id; + u32 inside_vrf_id; +}; + +/** \brief Set NAT workers + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param worker_mask - NAT workers mask +*/ +autoreply define nat_set_workers { + u32 client_index; + u32 context; + u64 worker_mask; +}; + +/** \brief Dump NAT workers + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat_worker_dump { + u32 client_index; + u32 context; +}; + +/** \brief NAT workers details response + @param context - sender context, to match reply w/ request + @param worker_index - worker index + @param lcore_id - lcore ID + @param name - worker name +*/ +define nat_worker_details { + u32 context; + u32 worker_index; + u32 lcore_id; + u8 name[64]; +}; + +/** \brief Enable/disable NAT IPFIX logging + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param domain_id - observation domain ID + @param src_port - source port number + @param enable - 1 if enable, 0 if disable +*/ +autoreply define nat_ipfix_enable_disable { + u32 client_index; + u32 context; + u32 domain_id; + u16 src_port; + u8 enable; +}; + +/* + * NAT44 APIs + */ + +/** \brief Add/del NAT44 address range + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param first_ip_address - first IPv4 address + @param last_ip_address - last IPv4 address + @param vrf_id - VRF id of tenant, ~0 means independent of VRF + @param is_add - 1 if add, 0 if delete +*/ +autoreply define nat44_add_del_address_range { + u32 client_index; + u32 context; + u8 first_ip_address[4]; + u8 last_ip_address[4]; + u32 vrf_id; + u8 is_add; +}; + +/** \brief Dump NAT44 addresses + @param client_index - opaque cookie to identify the sender + @param context - sender 
context, to match reply w/ request +*/ +define nat44_address_dump { + u32 client_index; + u32 context; +}; + +/** \brief NAT44 address details response + @param context - sender context, to match reply w/ request + @param ip_address - IPv4 address + @param vrf_id - VRF id of tenant, ~0 means independent of VRF +*/ +define nat44_address_details { + u32 context; + u8 ip_address[4]; + u32 vrf_id; +}; + +/** \brief Enable/disable NAT44 feature on the interface + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param is_add - 1 if add, 0 if delete + @param is_inside - 1 if inside, 0 if outside + @param sw_if_index - software index of the interface +*/ +autoreply define nat44_interface_add_del_feature { + u32 client_index; + u32 context; + u8 is_add; + u8 is_inside; + u32 sw_if_index; +}; + +/** \brief Dump interfaces with NAT44 feature + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat44_interface_dump { + u32 client_index; + u32 context; +}; + +/** \brief NAT44 interface details response + @param context - sender context, to match reply w/ request + @param is_inside - 1 if inside, 0 if outside + @param sw_if_index - software index of the interface +*/ +define nat44_interface_details { + u32 context; + u8 is_inside; + u32 sw_if_index; +}; + +/** \brief Enable/disbale NAT44 as an interface output feature (postrouting + in2out translation) + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param is_add - 1 if add, 0 if delete + @param is_inside - 1 if inside, 0 if outside + @param sw_if_index - software index of the interface +*/ +autoreply define nat44_interface_add_del_output_feature { + u32 client_index; + u32 context; + u8 is_add; + u8 is_inside; + u32 sw_if_index; +}; + +/** \brief Dump interfaces with NAT44 output feature + @param 
client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat44_interface_output_feature_dump { + u32 client_index; + u32 context; +}; + +/** \brief NAT44 interface with output feature details response + @param context - sender context, to match reply w/ request + @param is_inside - 1 if inside, 0 if outside + @param sw_if_index - software index of the interface +*/ +define nat44_interface_output_feature_details { + u32 context; + u8 is_inside; + u32 sw_if_index; +}; + +/** \brief Add/delete NAT44 static mapping + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param is_add - 1 if add, 0 if delete + @param addr_only - 1 if address only mapping + @param local_ip_address - local IPv4 address + @param external_ip_address - external IPv4 address + @param protocol - IP protocol + @param local_port - local port number + @param external_port - external port number + @param external_sw_if_index - external interface (if set + external_ip_address is ignored, ~0 means not + used) + @param vfr_id - VRF ID +*/ +autoreply define nat44_add_del_static_mapping { + u32 client_index; + u32 context; + u8 is_add; + u8 addr_only; + u8 local_ip_address[4]; + u8 external_ip_address[4]; + u8 protocol; + u16 local_port; + u16 external_port; + u32 external_sw_if_index; + u32 vrf_id; +}; + +/** \brief Dump NAT44 static mappings + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat44_static_mapping_dump { + u32 client_index; + u32 context; +}; + +/** \brief NAT44 static mapping details response + @param context - sender context, to match reply w/ request + @param addr_only - 1 if address only mapping + @param local_ip_address - local IPv4 address + @param external_ip_address - external IPv4 address + @param protocol - IP protocol + @param local_port - local port number + 
@param external_port - external port number + @param external_sw_if_index - external interface + @param vfr_id - VRF ID +*/ +define nat44_static_mapping_details { + u32 context; + u8 addr_only; + u8 local_ip_address[4]; + u8 external_ip_address[4]; + u8 protocol; + u16 local_port; + u16 external_port; + u32 external_sw_if_index; + u32 vrf_id; +}; + +/** \brief Add/delete NAT44 pool address from specific interfce + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param is_add - 1 if add, 0 if delete + @param sw_if_index - software index of the interface +*/ +autoreply define nat44_add_del_interface_addr { + u32 client_index; + u32 context; + u8 is_add; + u8 is_inside; + u32 sw_if_index; +}; + +/** \brief Dump NAT44 pool addresses interfaces + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat44_interface_addr_dump { + u32 client_index; + u32 context; +}; + +/** \brief NAT44 pool addresses interfaces details response + @param context - sender context, to match reply w/ request + @param sw_if_index - software index of the interface +*/ +define nat44_interface_addr_details { + u32 context; + u32 sw_if_index; +}; + +/** \brief Dump NAT44 users + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat44_user_dump { + u32 client_index; + u32 context; +}; + +/** \brief NAT44 users response + @param context - sender context, to match reply w/ request + @vrf_id - VRF ID + @param ip_adress - IPv4 address + @param nsessions - number of dynamic sessions + @param nstaticsessions - number of static sessions +*/ +define nat44_user_details { + u32 context; + u32 vrf_id; + u8 ip_address[4]; + u32 nsessions; + u32 nstaticsessions; +}; + +/** \brief NAT44 user's sessions + @param client_index - opaque cookie to identify the sender + @param context - 
sender context, to match reply w/ request + @param is_ip4 - 1 if address type is IPv4 + @param user_ip - IP address of the user to dump + @param vrf_id - VRF_ID +*/ +define nat44_user_session_dump { + u32 client_index; + u32 context; + u8 ip_address[4]; + u32 vrf_id; +}; + +/** \brief NAT44 user's sessions response + @param context - sender context, to match reply w/ request + @param outside_ip_address - outside IPv4 address + @param outside_port - outside port + @param inside_ip_address - inside IPv4 address + @param inside_port - inside port + @param protocol - protocol + @param is_static - 1 if session is static + @param last_heard - last heard timer + @param total_bytes - count of bytes sent through session + @param total_pkts - count of pakets sent through session +*/ +define nat44_user_session_details { + u32 context; + u8 outside_ip_address[4]; + u16 outside_port; + u8 inside_ip_address[4]; + u16 inside_port; + u16 protocol; + u8 is_static; + u64 last_heard; + u64 total_bytes; + u32 total_pkts; +}; + +/* + * Deterministic NAT (CGN) APIs + */ + +/** \brief Add/delete NAT deterministic mapping + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param is_add - 1 if add, 0 if delete + @param is_nat44 - 1 if NAT44 + @param in_addr - inside IP address + @param in_plen - inside IP address prefix length + @param out_addr - outside IPv4 address + @param out_addr - outside IPv4 address prefix length +*/ +autoreply define nat_det_add_del_map { + u32 client_index; + u32 context; + u8 is_add; + u8 is_nat44; + u8 addr_only; + u8 in_addr[16]; + u8 in_plen; + u8 out_addr[4]; + u8 out_plen; +}; + +/** \brief Get outside address and port range from inside address + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param is_nat44 - 1 if NAT44 + @param in_addr - inside IP address +*/ +define nat_det_forward { + u32 client_index; + u32 
context; + u8 is_nat44; + u8 in_addr[16]; +}; + +/** \brief Get outside address and port range from inside address + @param context - sender context, to match reply w/ request + @param retval - return code + @param out_port_lo - outside port range start + @param out_port_hi - outside port range end + @param out_addr - outside IPv4 address +*/ +define nat_det_forward_reply { + u32 context; + i32 retval; + u16 out_port_lo; + u16 out_port_hi; + u8 out_addr[4]; +}; + +/** \brief Get inside address from outside address and port + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param out_port - outside port + @param out_addr - outside IPv4 address +*/ +define nat_det_reverse { + u32 client_index; + u32 context; + u16 out_port; + u8 out_addr[4]; +}; + +/** \brief Get inside address from outside address and port reply + @param context - sender context, to match reply w/ request + @param retval - return code + @param is_nat44 - 1 if NAT44 + @param in_addr - inside IP address +*/ +define nat_det_reverse_reply { + u32 context; + i32 retval; + u8 is_nat44; + u8 in_addr[16]; +}; + +/** \brief Dump NAT deterministic mappings + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat_det_map_dump { + u32 client_index; + u32 context; +}; + +/** \brief NAT users response + @param context - sender context, to match reply w/ request + @param is_nat44 - 1 if NAT44 + @param in_addr - inside IP address + @param in_plen - inside IP address prefix length + @param out_addr - outside IPv4 address + @param out_plen - outside IPv4 address prefix length + @param sharing_ratio - outside to inside address sharing ratio + @param ports_per_host - number of ports available to a host + @param ses_num - number of sessions belonging to this mapping +*/ +define nat_det_map_details { + u32 context; + u8 is_nat44; + u8 in_addr[16]; + u8 in_plen; + u8 
out_addr[4]; + u8 out_plen; + u32 sharing_ratio; + u16 ports_per_host; + u32 ses_num; +}; + +/** \brief Set values of timeouts for deterministic NAT (seconds, 0 = default) + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param udp - UDP timeout (default 300sec) + @param tcp_established - TCP established timeout (default 7440sec) + @param tcp_transitory - TCP transitory timeout (default 240sec) + @param icmp - ICMP timeout (default 60sec) +*/ +autoreply define nat_det_set_timeouts { + u32 client_index; + u32 context; + u32 udp; + u32 tcp_established; + u32 tcp_transitory; + u32 icmp; +}; + +/** \brief Get values of timeouts for deterministic NAT (seconds) + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat_det_get_timeouts { + u32 client_index; + u32 context; +}; + +/** \brief Get values of timeouts for deterministic NAT reply + @param context - sender context, to match reply w/ request + @param retval - return code + @param udp - UDP timeout (default 300sec) + @param tcp_established - TCP established timeout (default 7440sec) + @param tcp_transitory - TCP transitory timeout (default 240sec) + @param icmp - ICMP timeout (default 60sec) +*/ +define nat_det_get_timeouts_reply { + u32 context; + i32 retval; + u32 udp; + u32 tcp_established; + u32 tcp_transitory; + u32 icmp; +}; + +/** \brief Close deterministic NAT session by outside address and port + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param out_addr - outside IPv4 address + @param out_port - outside port + @param ext_addr - external host IPv4 address + @param ext_port - external host port +*/ +autoreply define nat_det_close_session_out { + u32 client_index; + u32 context; + u8 out_addr[4]; + u16 out_port; + u8 ext_addr[4]; + u16 ext_port; +}; + +/** \brief Close 
deterministic NAT session by inside address and port + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param is_nat44 - 1 if NAT44 + @param in_addr - inside IP address + @param in_port - inside port + @param ext_addr - external host IP address + @param ext_port - external host port +*/ +autoreply define nat_det_close_session_in { + u32 client_index; + u32 context; + u8 is_nat44; + u8 in_addr[16]; + u16 in_port; + u8 ext_addr[16]; + u16 ext_port; +}; + +/** \brief Dump determinstic NAT sessions + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param is_nat44 - 1 if NAT44 + @param user_addr - address of an inside user whose sessions to dump +*/ +define nat_det_session_dump { + u32 client_index; + u32 context; + u8 is_nat44; + u8 user_addr[16]; +}; + +/** \brief Deterministic NAT sessions reply + @param context - sender context, to match reply w/ request + @param in_port - inside port + @param ext_addr - external host address + @param ext_port - external host port + @param out_port - outside NAT port + @param state - session state + @param expire - session expiration timestamp +*/ +define nat_det_session_details { + u32 client_index; + u32 context; + u16 in_port; + u8 ext_addr[4]; + u16 ext_port; + u16 out_port; + u8 state; + u32 expire; +}; + +/* + * NAT64 APIs + */ + /** \brief Add/delete address range to NAT64 pool @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request diff --git a/src/plugins/snat/snat.c b/src/plugins/nat/nat.c index 315cec8a..ac39be95 100644 --- a/src/plugins/snat/snat.c +++ b/src/plugins/nat/nat.c 
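Review bot: `nat_det_session_details` declares `u32 client_index;` ahead of `u32 context;`, while every other `*_details` message added in this hunk carries only `context`, and its doc block does not list the field. A details reply has no use for the sender's cookie, so I would drop the line and let the message begin `u32 context; u16 in_port;`. If it has to stay for compatibility with the old snat_ message, document it and confirm that the handler in nat_api.c (outside this hunk) zeroes it. Two request messages also carry fields their doc blocks never describe, `u8 is_inside;` in `nat44_add_del_interface_addr` and `u8 addr_only;` in `nat_det_add_del_map`; each needs a `@param` line or should be removed, because a client cannot tell whether the server reads it. The comments also disagree with the fields in smaller ways: `nat44_user_session_dump` documents `is_ip4` and `user_ip` but declares `ip_address`, `nat_det_add_del_map` repeats `@param out_addr` where `out_plen` is meant, `vfr_id` should read `vrf_id`, and `nat_det_map_details` is headed `NAT users response`. Range checks on `in_plen`/`out_plen` and on the `first_ip_address`/`last_ip_address` ordering belong in the handlers, which this hunk does not show.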
@@ -19,10 +19,10 @@ #include <vnet/ip/ip.h> #include <vnet/ip/ip4.h> #include <vnet/plugin/plugin.h> -#include <snat/snat.h> -#include <snat/snat_ipfix_logging.h> -#include <snat/snat_det.h> -#include <snat/nat64.h> +#include <nat/nat.h> +#include <nat/nat_ipfix_logging.h> +#include <nat/nat_det.h> +#include <nat/nat64.h> #include <vnet/fib/fib_table.h> #include <vnet/fib/ip4_fib.h> 
@@ -34,64 +34,64 @@ snat_main_t snat_main; /* Hook up input features */ VNET_FEATURE_INIT (ip4_snat_in2out, static) = { .arc_name = "ip4-unicast", - .node_name = "snat-in2out", - .runs_before = VNET_FEATURES ("snat-out2in"), + .node_name = "nat44-in2out", + .runs_before = VNET_FEATURES ("nat44-out2in"), }; VNET_FEATURE_INIT (ip4_snat_out2in, static) = { .arc_name = "ip4-unicast", - .node_name = "snat-out2in", + .node_name = "nat44-out2in", .runs_before = VNET_FEATURES ("ip4-lookup"), }; VNET_FEATURE_INIT (ip4_snat_det_in2out, static) = { .arc_name = "ip4-unicast", - .node_name = "snat-det-in2out", - .runs_before = VNET_FEATURES ("snat-det-out2in"), + .node_name = "nat44-det-in2out", + .runs_before = VNET_FEATURES ("nat44-det-out2in"), }; VNET_FEATURE_INIT (ip4_snat_det_out2in, static) = { .arc_name = "ip4-unicast", - .node_name = "snat-det-out2in", + .node_name = "nat44-det-out2in", .runs_before = VNET_FEATURES ("ip4-lookup"), }; VNET_FEATURE_INIT (ip4_snat_in2out_worker_handoff, static) = { .arc_name = "ip4-unicast", - .node_name = "snat-in2out-worker-handoff", - .runs_before = VNET_FEATURES ("snat-out2in-worker-handoff"), + .node_name = "nat44-in2out-worker-handoff", + .runs_before = VNET_FEATURES ("nat44-out2in-worker-handoff"), }; VNET_FEATURE_INIT (ip4_snat_out2in_worker_handoff, static) = { .arc_name = "ip4-unicast", - .node_name = "snat-out2in-worker-handoff", + .node_name = "nat44-out2in-worker-handoff", .runs_before = VNET_FEATURES ("ip4-lookup"), }; VNET_FEATURE_INIT (ip4_snat_in2out_fast, static) = { .arc_name = "ip4-unicast", - .node_name = "snat-in2out-fast", - .runs_before = VNET_FEATURES ("snat-out2in-fast"), + .node_name = "nat44-in2out-fast", + .runs_before = VNET_FEATURES ("nat44-out2in-fast"), }; VNET_FEATURE_INIT (ip4_snat_out2in_fast, static) = { .arc_name = "ip4-unicast", - .node_name = "snat-out2in-fast", + .node_name = "nat44-out2in-fast", .runs_before = VNET_FEATURES ("ip4-lookup"), }; VNET_FEATURE_INIT (ip4_snat_hairpin_dst, static) = { 
.arc_name = "ip4-unicast", - .node_name = "snat-hairpin-dst", + .node_name = "nat44-hairpin-dst", .runs_before = VNET_FEATURES ("ip4-lookup"), }; /* Hook up output features */ VNET_FEATURE_INIT (ip4_snat_in2out_output, static) = { .arc_name = "ip4-output", - .node_name = "snat-in2out-output", + .node_name = "nat44-in2out-output", .runs_before = VNET_FEATURES ("interface-output"), }; VNET_FEATURE_INIT (ip4_snat_in2out_output_worker_handoff, static) = { .arc_name = "ip4-output", - .node_name = "snat-in2out-output-worker-handoff", + .node_name = "nat44-in2out-output-worker-handoff", .runs_before = VNET_FEATURES ("interface-output"), }; VNET_FEATURE_INIT (ip4_snat_hairpin_src, static) = { .arc_name = "ip4-output", - .node_name = "snat-hairpin-src", + .node_name = "nat44-hairpin-src", .runs_before = VNET_FEATURES ("interface-output"), }; @@ -210,20 +210,20 @@ static int is_snat_address_used_in_static_mapping (snat_main_t *sm, void increment_v4_address (ip4_address_t * a) { u32 v; - + v = clib_net_to_host_u32(a->as_u32) + 1; a->as_u32 = clib_host_to_net_u32(v); } -static void -snat_add_static_mapping_when_resolved (snat_main_t * sm, - ip4_address_t l_addr, - u16 l_port, - u32 sw_if_index, - u16 e_port, +static void +snat_add_static_mapping_when_resolved (snat_main_t * sm, + ip4_address_t l_addr, + u16 l_port, + u32 sw_if_index, + u16 e_port, u32 vrf_id, snat_protocol_t proto, - int addr_only, + int addr_only, int is_add) { snat_static_map_resolve_t *rp; 
@@ -275,13 +275,13 @@ int snat_add_static_mapping(ip4_address_t l_addr, ip4_address_t e_addr, ip4_address_t * first_int_addr; /* Might be already set... */ - first_int_addr = ip4_interface_first_address + first_int_addr = ip4_interface_first_address (sm->ip4_main, sw_if_index, 0 /* just want the address*/); /* DHCP resolution required? */ if (first_int_addr == 0) { - snat_add_static_mapping_when_resolved + snat_add_static_mapping_when_resolved (sm, l_addr, l_port, sw_if_index, e_port, vrf_id, proto, addr_only, is_add); return 0; @@ -736,15 +736,15 @@ int snat_interface_add_del (u32 sw_if_index, u8 is_inside, int is_del) snat_det_map_t * dm; if (sm->static_mapping_only && !(sm->static_mapping_connection_tracking)) - feature_name = is_inside ? "snat-in2out-fast" : "snat-out2in-fast"; + feature_name = is_inside ? "nat44-in2out-fast" : "nat44-out2in-fast"; else { if (sm->num_workers > 1 && !sm->deterministic) - feature_name = is_inside ? "snat-in2out-worker-handoff" : "snat-out2in-worker-handoff"; + feature_name = is_inside ? "nat44-in2out-worker-handoff" : "nat44-out2in-worker-handoff"; else if (sm->deterministic) - feature_name = is_inside ? "snat-det-in2out" : "snat-det-out2in"; + feature_name = is_inside ? "nat44-det-in2out" : "nat44-det-out2in"; else - feature_name = is_inside ? "snat-in2out" : "snat-out2in"; + feature_name = is_inside ? "nat44-in2out" : "nat44-out2in"; } vnet_feature_enable_disable ("ip4-unicast", feature_name, sw_if_index, 
@@ -815,26 +815,26 @@ int snat_interface_add_del_output_feature (u32 sw_if_index, if (is_inside) { - vnet_feature_enable_disable ("ip4-unicast", "snat-hairpin-dst", + vnet_feature_enable_disable ("ip4-unicast", "nat44-hairpin-dst", sw_if_index, !is_del, 0, 0); - vnet_feature_enable_disable ("ip4-output", "snat-hairpin-src", + vnet_feature_enable_disable ("ip4-output", "nat44-hairpin-src", sw_if_index, !is_del, 0, 0); goto fq; } if (sm->num_workers > 1) { - vnet_feature_enable_disable ("ip4-unicast", "snat-out2in-worker-handoff", + vnet_feature_enable_disable ("ip4-unicast", "nat44-out2in-worker-handoff", sw_if_index, !is_del, 0, 0); vnet_feature_enable_disable ("ip4-output", - "snat-in2out-output-worker-handoff", + "nat44-in2out-output-worker-handoff", sw_if_index, !is_del, 0, 0); } else { - vnet_feature_enable_disable ("ip4-unicast", "snat-out2in", sw_if_index, + vnet_feature_enable_disable ("ip4-unicast", "nat44-out2in", sw_if_index, !is_del, 0, 0); - vnet_feature_enable_disable ("ip4-output", "snat-in2out-output", + vnet_feature_enable_disable ("ip4-output", "nat44-in2out-output", sw_if_index, !is_del, 0, 0); } @@ -997,13 +997,13 @@ static clib_error_t * snat_init (vlib_main_t * vm) VLIB_INIT_FUNCTION (snat_init); -void snat_free_outside_address_and_port (snat_main_t * sm, - snat_session_key_t * k, +void snat_free_outside_address_and_port (snat_main_t * sm, + snat_session_key_t * k, u32 address_index) { snat_address_t *a; u16 port_host_byte_order = clib_net_to_host_u16 (k->port); - + ASSERT (address_index < vec_len (sm->addresses)); a = sm->addresses + address_index; 
@@ -1024,12 +1024,12 @@ void snat_free_outside_address_and_port (snat_main_t * sm, clib_warning("unknown_protocol"); return; } -} +} /** - * @brief Match SNAT static mapping. + * @brief Match NAT44 static mapping. * - * @param sm SNAT main. + * @param sm NAT main. * @param match Address and port to match. * @param mapping External or local address and port of the matched mapping. * @param by_external If 0 match by local address otherwise match by external @@ -1199,7 +1199,7 @@ add_address_command_fn (vlib_main_t * vm, start_host_order = clib_host_to_net_u32 (start_addr.as_u32); end_host_order = clib_host_to_net_u32 (end_addr.as_u32); - + if (end_host_order < start_host_order) { error = clib_error_return (0, "end address less than start address"); @@ -1213,7 +1213,7 @@ add_address_command_fn (vlib_main_t * vm, format_ip4_address, &start_addr, format_ip4_address, &end_addr, count); - + this_addr = start_addr; for (i = 0; i < count; i++) @@ -1245,8 +1245,8 @@ done: } VLIB_CLI_COMMAND (add_address_command, static) = { - .path = "snat add address", - .short_help = "snat add addresses <ip4-range-start> [- <ip4-range-end>] " + .path = "nat44 add address", + .short_help = "nat44 add addresses <ip4-range-start> [- <ip4-range-end>] " "[tenant-vrf <vrf-id>] [del]", .function = add_address_command_fn, }; @@ -1365,9 +1365,9 @@ done: } VLIB_CLI_COMMAND (set_interface_snat_command, static) = { - .path = "set interface snat", + .path = "set interface nat44", .function = snat_feature_command_fn, - .short_help = "set interface snat in <intfc> out <intfc> [output-feature] " + .short_help = "set interface nat44 in <intfc> out <intfc> [output-feature] " "[del]", }; 
@@ -1503,18 +1503,18 @@ done: * to to the local network host. * To create static mapping between local host address 10.0.0.3 port 6303 and * external address 4.4.4.4 port 3606 for TCP protocol use: - * vpp# snat add static mapping local tcp 10.0.0.3 6303 external 4.4.4.4 3606 - * If not runnig "static mapping only" S-NAT plugin mode use before: - * vpp# snat add address 4.4.4.4 + * vpp# nat44 add static mapping local tcp 10.0.0.3 6303 external 4.4.4.4 3606 + * If not runnig "static mapping only" NAT plugin mode use before: + * vpp# nat44 add address 4.4.4.4 * To create static mapping between local and external address use: - * vpp# snat add static mapping local 10.0.0.3 external 4.4.4.4 + * vpp# nat44 add static mapping local 10.0.0.3 external 4.4.4.4 * @cliexend ?*/ VLIB_CLI_COMMAND (add_static_mapping_command, static) = { - .path = "snat add static mapping", + .path = "nat44 add static mapping", .function = add_static_mapping_command_fn, .short_help = - "snat add static mapping local tcp|udp|icmp <addr> [<port>] external <addr> [<port>] [vrf <table-id>] [del]", + "nat44 add static mapping local tcp|udp|icmp <addr> [<port>] external <addr> [<port>] [vrf <table-id>] [del]", }; static clib_error_t * @@ -1575,15 +1575,15 @@ done: /*? * @cliexpar * @cliexstart{set snat workers} - * Set SNAT workers if 2 or more workers available, use: + * Set NAT workers if 2 or more workers available, use: * vpp# set snat workers 0-2,5 * @cliexend ?*/ VLIB_CLI_COMMAND (set_workers_command, static) = { - .path = "set snat workers", + .path = "set nat workers", .function = set_workers_command_fn, .short_help = - "set snat workers <workers-list>", + "set nat workers <workers-list>", }; static clib_error_t * 
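Review bot: In the `set_workers_command` hunk the usage comment left as context still reads `@cliexstart{set snat workers}` and `vpp# set snat workers 0-2,5`, but the registered path is now `set nat workers`, so the documented example no longer names an existing command. I would change the two lines to `@cliexstart{set nat workers}` and `vpp# set nat workers 0-2,5`. The same stale `@cliexstart{snat …}` tags remain in the ipfix logging, deterministic reverse, deterministic timeout and close-session-out hunks that follow. The comment block opens above the first line of this hunk.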
@@ -1635,16 +1635,16 @@ done: /*? * @cliexpar * @cliexstart{snat ipfix logging} - * To enable SNAT IPFIX logging use: - * vpp# snat ipfix logging + * To enable NAT IPFIX logging use: + * vpp# nat ipfix logging * To set IPFIX exporter use: * vpp# set ipfix exporter collector 10.10.10.3 src 10.10.10.1 * @cliexend ?*/ VLIB_CLI_COMMAND (snat_ipfix_logging_enable_disable_command, static) = { - .path = "snat ipfix logging", + .path = "nat ipfix logging", .function = snat_ipfix_logging_enable_disable_command_fn, - .short_help = "snat ipfix logging [domain <domain-id>] [src-port <port>] [disable]", + .short_help = "nat ipfix logging [domain <domain-id>] [src-port <port>] [disable]", }; static u32 @@ -1862,7 +1862,7 @@ snat_config (vlib_main_t * vm, unformat_input_t * input) return 0; } -VLIB_CONFIG_FUNCTION (snat_config, "snat"); +VLIB_CONFIG_FUNCTION (snat_config, "nat"); u8 * format_snat_session_state (u8 * s, va_list * args) { @@ -2067,18 +2067,18 @@ show_snat_command_fn (vlib_main_t * vm, if (sm->static_mapping_only) { if (sm->static_mapping_connection_tracking) - vlib_cli_output (vm, "SNAT mode: static mapping only connection " + vlib_cli_output (vm, "NAT plugin mode: static mapping only connection " "tracking"); else - vlib_cli_output (vm, "SNAT mode: static mapping only"); + vlib_cli_output (vm, "NAT plugin mode: static mapping only"); } else if (sm->deterministic) { - vlib_cli_output (vm, "SNAT mode: deterministic mapping"); + vlib_cli_output (vm, "NAT plugin mode: deterministic mapping"); } else { - vlib_cli_output (vm, "SNAT mode: dynamic translations enabled"); + vlib_cli_output (vm, "NAT plugin mode: dynamic translations enabled"); } if (verbose > 0) 
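Review bot: `VLIB_CONFIG_FUNCTION (snat_config, "nat");` renames the startup-config section, and nothing in the hunk keeps the old `snat` name registered, so an existing startup.conf with a `snat { … }` stanza would no longer reach `snat_config`. That stanza is presumably where static-mapping-only and deterministic mode are selected (the flags are printed by `show_snat_command_fn` in the next hunk), so an upgrade without a config edit could come up in a different NAT mode than the operator intended, or fail to start, depending on how unknown sections are handled, which is not visible here. I would add a comment on the line, for example `/* startup.conf section renamed from "snat" to "nat" (VPP-955) */`, and call the rename out in the release notes together with the CLI path changes. The body of `snat_config` lies outside the hunk.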
@@ -2100,7 +2100,7 @@ show_snat_command_fn (vlib_main_t * vm, if (vec_len (sm->auto_add_sw_if_indices)) { - vlib_cli_output (vm, "SNAT pool addresses interfaces:"); + vlib_cli_output (vm, "NAT44 pool addresses interfaces:"); vec_foreach (sw_if_index, sm->auto_add_sw_if_indices) { vlib_cli_output (vm, "%U", format_vnet_sw_interface_name, vnm, @@ -2253,8 +2253,8 @@ show_snat_command_fn (vlib_main_t * vm, } VLIB_CLI_COMMAND (show_snat_command, static) = { - .path = "show snat", - .short_help = "show snat", + .path = "show nat44", + .short_help = "show nat44", .function = show_snat_command_fn, }; @@ -2372,7 +2372,7 @@ int snat_add_interface_address (snat_main_t *sm, u32 sw_if_index, int is_del) return 0; } } - + if (is_del) return VNET_API_ERROR_NO_SUCH_ENTRY; @@ -2437,8 +2437,8 @@ done: } VLIB_CLI_COMMAND (snat_add_interface_address_command, static) = { - .path = "snat add interface address", - .short_help = "snat add interface address <interface> [del]", + .path = "nat44 add interface address", + .short_help = "nat44 add interface address <interface> [del]", .function = snat_add_interface_address_command_fn, }; @@ -2499,12 +2499,12 @@ done: * CGN deployments. * To create deterministic mapping between inside network 10.0.0.0/18 and * outside network 1.1.1.0/30 use: - * # vpp# snat deterministic add in 10.0.0.0/18 out 1.1.1.0/30 + * # vpp# nat44 deterministic add in 10.0.0.0/18 out 1.1.1.0/30 * @cliexend ?*/ VLIB_CLI_COMMAND (snat_det_map_command, static) = { - .path = "snat deterministic add", - .short_help = "snat deterministic add in <addr>/<plen> out <addr>/<plen> [del]", + .path = "nat44 deterministic add", + .short_help = "nat44 deterministic add in <addr>/<plen> out <addr>/<plen> [del]", .function = snat_det_map_command_fn, }; 
@@ -2560,13 +2560,13 @@ done: * Return outside address and port range from inside address for deterministic * NAT. * To obtain outside address and port of inside host use: - * vpp# snat deterministic forward 10.0.0.2 + * vpp# nat44 deterministic forward 10.0.0.2 * 1.1.1.0:<1054-1068> * @cliexend ?*/ VLIB_CLI_COMMAND (snat_det_forward_command, static) = { - .path = "snat deterministic forward", - .short_help = "snat deterministic forward <addr>", + .path = "nat44 deterministic forward", + .short_help = "nat44 deterministic forward <addr>", .function = snat_det_forward_command_fn, }; @@ -2625,13 +2625,13 @@ done: * @cliexstart{snat deterministic reverse} * Return inside address from outside address and port for deterministic NAT. * To obtain inside host address from outside address and port use: - * #vpp snat deterministic reverse 1.1.1.1:1276 + * #vpp nat44 deterministic reverse 1.1.1.1:1276 * 10.0.16.16 * @cliexend ?*/ VLIB_CLI_COMMAND (snat_det_reverse_command, static) = { - .path = "snat deterministic reverse", - .short_help = "snat deterministic reverse <addr>:<port>", + .path = "nat44 deterministic reverse", + .short_help = "nat44 deterministic reverse <addr>:<port>", .function = snat_det_reverse_command_fn, }; 
@@ -2687,17 +2687,17 @@ done: * @cliexpar * @cliexstart{set snat deterministic timeout} * Set values of timeouts for deterministic NAT (in seconds), use: - * vpp# set snat deterministic timeout udp 120 tcp-established 7500 + * vpp# set nat44 deterministic timeout udp 120 tcp-established 7500 * tcp-transitory 250 icmp 90 * To reset default values use: - * vpp# set snat deterministic timeout reset + * vpp# set nat44 deterministic timeout reset * @cliexend ?*/ VLIB_CLI_COMMAND (set_timeout_command, static) = { - .path = "set snat deterministic timeout", + .path = "set nat44 deterministic timeout", .function = set_timeout_command_fn, .short_help = - "set snat deterministic timeout [udp <sec> | tcp-established <sec> " + "set nat44 deterministic timeout [udp <sec> | tcp-established <sec> " "tcp-transitory <sec> | icmp <sec> | reset]", }; @@ -2762,12 +2762,12 @@ done: * @cliexstart{snat deterministic close session out} * Close session using outside ip address and port * and external ip address and port, use: - * vpp# snat deterministic close session out 1.1.1.1:1276 2.2.2.2:2387 + * vpp# nat44 deterministic close session out 1.1.1.1:1276 2.2.2.2:2387 * @cliexend ?*/ VLIB_CLI_COMMAND (snat_det_close_sesion_out_command, static) = { - .path = "snat deterministic close session out", - .short_help = "snat deterministic close session out " + .path = "nat44 deterministic close session out", + .short_help = "nat44 deterministic close session out " "<out_addr>:<out_port> <ext_addr>:<ext_port>", .function = snat_det_close_session_out_fn, }; 
@@ -2831,12 +2831,12 @@ done: * @cliexstart{snat deterministic close_session_in} * Close session using inside ip address and port * and external ip address and port, use: - * vpp# snat deterministic close session in 3.3.3.3:3487 2.2.2.2:2387 + * vpp# nat44 deterministic close session in 3.3.3.3:3487 2.2.2.2:2387 * @cliexend ?*/ VLIB_CLI_COMMAND (snat_det_close_session_in_command, static) = { - .path = "snat deterministic close session in", - .short_help = "snat deterministic close session in " + .path = "nat44 deterministic close session in", + .short_help = "nat44 deterministic close session in " "<in_addr>:<in_port> <ext_addr>:<ext_port>", .function = snat_det_close_session_in_fn, }; diff --git a/src/plugins/snat/snat.h b/src/plugins/nat/nat.h index aa0f82fc..04c466dc 100644 --- a/src/plugins/snat/snat.h +++ b/src/plugins/nat/nat.h @@ -1,6 +1,6 @@ /* - * snat.h - simple nat definitions + * nat.h - NAT plugin definitions * * Copyright (c) 2016 Cisco and/or its affiliates. * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,8 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -#ifndef __included_snat_h__ -#define __included_snat_h__ +#ifndef __included_nat_h__ +#define __included_nat_h__ #include <vnet/vnet.h> #include <vnet/ip/ip.h> @@ -41,9 +41,9 @@ /* Key */ typedef struct { - union + union { - struct + struct { ip4_address_t addr; u16 port; @@ -156,7 +156,7 @@ typedef CLIB_PACKED(struct { f64 last_heard; /* 44-51 */ u64 total_bytes; /* 52-59 */ - + u32 total_pkts; /* 60-63 */ /* Outside address */ @@ -418,12 +418,12 @@ typedef struct { */ #define snat_is_unk_proto_session(s) s->flags & SNAT_SESSION_FLAG_UNKNOWN_PROTO -/* +/* * Why is this here? Because we don't need to touch this layer to * simply reply to an icmp. We need to change id to a unique * value to NAT an echo request/reply. */ - + typedef struct { u16 identifier; u16 sequence; 
@@ -538,4 +538,4 @@ is_interface_addr(snat_main_t *sm, vlib_node_runtime_t *node, u32 sw_if_index0, return 0; } -#endif /* __included_snat_h__ */ +#endif /* __included_nat_h__ */ diff --git a/src/plugins/snat/nat64.c b/src/plugins/nat/nat64.c index bd915b59..b04901fa 100644 --- a/src/plugins/snat/nat64.c +++ b/src/plugins/nat/nat64.c @@ -17,8 +17,8 @@ * @brief NAT64 implementation */ -#include <snat/nat64.h> -#include <snat/nat64_db.h> +#include <nat/nat64.h> +#include <nat/nat64_db.h> #include <vnet/fib/ip4_fib.h> diff --git a/src/plugins/snat/nat64.h b/src/plugins/nat/nat64.h index 771b9075..68224cab 100644 --- a/src/plugins/snat/nat64.h +++ b/src/plugins/nat/nat64.h @@ -19,8 +19,8 @@ #ifndef __included_nat64_h__ #define __included_nat64_h__ -#include <snat/snat.h> -#include <snat/nat64_db.h> +#include <nat/nat.h> +#include <nat/nat64_db.h> #define foreach_nat64_tcp_ses_state \ _(0, CLOSED, "closed") \ diff --git a/src/plugins/snat/nat64_cli.c b/src/plugins/nat/nat64_cli.c index ca60b12c..bb62ecf2 100644 --- a/src/plugins/snat/nat64_cli.c +++ b/src/plugins/nat/nat64_cli.c @@ -17,8 +17,8 @@ * @brief NAT64 CLI */ -#include <snat/nat64.h> -#include <snat/snat.h> +#include <nat/nat64.h> +#include <nat/nat.h> #include <vnet/fib/fib_table.h> static clib_error_t * diff --git a/src/plugins/snat/nat64_db.c b/src/plugins/nat/nat64_db.c index 9584827e..da73ceee 100644 --- a/src/plugins/snat/nat64_db.c +++ b/src/plugins/nat/nat64_db.c @@ -16,7 +16,7 @@ * @file * @brief NAT64 DB */ -#include <snat/nat64_db.h> +#include <nat/nat64_db.h> int nat64_db_init (nat64_db_t * db) diff --git a/src/plugins/snat/nat64_db.h b/src/plugins/nat/nat64_db.h index 1e2dcc93..394ca875 100644 --- a/src/plugins/snat/nat64_db.h +++ b/src/plugins/nat/nat64_db.h @@ -21,7 +21,7 @@ #include <vppinfra/bihash_24_8.h> #include <vppinfra/bihash_48_8.h> -#include <snat/snat.h> +#include <nat/nat.h> typedef struct 
diff --git a/src/plugins/snat/nat64_doc.md b/src/plugins/nat/nat64_doc.md index f94467da..f94467da 100644 --- a/src/plugins/snat/nat64_doc.md +++ b/src/plugins/nat/nat64_doc.md diff --git a/src/plugins/snat/nat64_in2out.c b/src/plugins/nat/nat64_in2out.c index 8c67fec2..f78baff4 100644 --- a/src/plugins/snat/nat64_in2out.c +++ b/src/plugins/nat/nat64_in2out.c @@ -17,7 +17,7 @@ * @brief NAT64 IPv6 to IPv4 translation (inside to outside network) */ -#include <snat/nat64.h> +#include <nat/nat64.h> #include <vnet/ip/ip6_to_ip4.h> #include <vnet/fib/fib_table.h> diff --git a/src/plugins/snat/nat64_out2in.c b/src/plugins/nat/nat64_out2in.c index cd5b253a..61e88a7f 100644 --- a/src/plugins/snat/nat64_out2in.c +++ b/src/plugins/nat/nat64_out2in.c @@ -17,7 +17,7 @@ * @brief NAT64 IPv4 to IPv6 translation (otside to inside network) */ -#include <snat/nat64.h> +#include <nat/nat64.h> #include <vnet/ip/ip4_to_ip6.h> #include <vnet/fib/ip4_fib.h> diff --git a/src/plugins/snat/snat_all_api_h.h b/src/plugins/nat/nat_all_api_h.h index 49017700..acd9ba1c 100644 --- a/src/plugins/snat/snat_all_api_h.h +++ b/src/plugins/nat/nat_all_api_h.h @@ -1,6 +1,6 @@ /* - * snat_all_api_h.h - skeleton vpp engine plug-in api #include file + * nat_all_api_h.h - skeleton vpp engine plug-in api #include file * * Copyright (c) <current-year> <your-organization> * Licensed under the Apache License, Version 2.0 (the "License"); @@ -16,4 +16,4 @@ * limitations under the License. */ /* Include the generated file, see BUILT_SOURCES in Makefile.am */ -#include <snat/snat.api.h> +#include <nat/nat.api.h> diff --git a/src/plugins/snat/snat_api.c b/src/plugins/nat/nat_api.c index 227074f9..0a2141f2 100644 --- a/src/plugins/snat/snat_api.c +++ b/src/plugins/nat/nat_api.c 
@@ -15,26 +15,26 @@ */ /** * @file - * @brief SNAT plugin API implementation + * @brief NAT plugin API implementation */ -#include <snat/snat.h> -#include <snat/snat_det.h> -#include <snat/nat64.h> +#include <nat/nat.h> +#include <nat/nat_det.h> +#include <nat/nat64.h> #include <vlibapi/api.h> #include <vlibmemory/api.h> #include <vlibsocket/api.h> -#include <snat/snat_msg_enum.h> +#include <nat/nat_msg_enum.h> #include <vnet/fib/fib_table.h> /* define message structures */ #define vl_typedefs -#include <snat/snat_all_api_h.h> +#include <nat/nat_all_api_h.h> #undef vl_typedefs /* define generated endian-swappers */ #define vl_endianfun -#include <snat/snat_all_api_h.h> +#include <nat/nat_all_api_h.h> #undef vl_endianfun #define vl_print(handle, ...) vlib_cli_output (handle, __VA_ARGS__) @@ -44,7 +44,7 @@ /* Get the API version number */ #define vl_api_version(n,v) static u32 api_version=(v); -#include <snat/snat_all_api_h.h> +#include <nat/nat_all_api_h.h> #undef vl_api_version /* Macro to finish up custom dump fns */ @@ -901,9 +901,9 @@ static void *vl_api_snat_user_session_dump_t_print FINISH; } -/****************************/ -/*** detrministic NAT/CGN ***/ -/****************************/ +/******************************************************************/ +/*** detrministic NAT/CGN (old, will be deprecated after 17.10) ***/ +/******************************************************************/ static void vl_api_snat_add_det_map_t_handler (vl_api_snat_add_det_map_t * mp) 
@@ -1293,6 +1293,1263 @@ static void *vl_api_snat_det_session_dump_t_print FINISH; } +/******************************/ +/*** Common NAT plugin APIs ***/ +/******************************/ + +static void +vl_api_nat_control_ping_t_handler (vl_api_nat_control_ping_t * mp) +{ + vl_api_nat_control_ping_reply_t *rmp; + snat_main_t *sm = &snat_main; + int rv = 0; + + /* *INDENT-OFF* */ + REPLY_MACRO2 (VL_API_NAT_CONTROL_PING_REPLY, + ({ + rmp->vpe_pid = ntohl (getpid ()); + })); + /* *INDENT-ON* */ +} + +static void * +vl_api_nat_control_ping_t_print (vl_api_nat_control_ping_t * mp, void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat_control_ping "); + + FINISH; +} + +static void +vl_api_nat_show_config_t_handler (vl_api_nat_show_config_t * mp) +{ + vl_api_nat_show_config_reply_t *rmp; + snat_main_t *sm = &snat_main; + int rv = 0; + + /* *INDENT-OFF* */ + REPLY_MACRO2 (VL_API_NAT_SHOW_CONFIG_REPLY, + ({ + rmp->translation_buckets = htonl (sm->translation_buckets); + rmp->translation_memory_size = htonl (sm->translation_memory_size); + rmp->user_buckets = htonl (sm->user_buckets); + rmp->user_memory_size = htonl (sm->user_memory_size); + rmp->max_translations_per_user = htonl (sm->max_translations_per_user); + rmp->outside_vrf_id = htonl (sm->outside_vrf_id); + rmp->inside_vrf_id = htonl (sm->inside_vrf_id); + rmp->static_mapping_only = sm->static_mapping_only; + rmp->static_mapping_connection_tracking = + sm->static_mapping_connection_tracking; + rmp->deterministic = sm->deterministic; + })); + /* *INDENT-ON* */ +} + +static void * +vl_api_nat_show_config_t_print (vl_api_nat_show_config_t * mp, void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat_show_config "); + + FINISH; +} + +static void +vl_api_nat_set_workers_t_handler (vl_api_nat_set_workers_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_snat_set_workers_reply_t *rmp; + int rv = 0; + uword *bitmap = 0; + u64 mask = clib_net_to_host_u64 (mp->worker_mask); + + if (sm->num_workers < 2) + { + rv = 
VNET_API_ERROR_FEATURE_DISABLED; + goto send_reply; + } + + bitmap = clib_bitmap_set_multiple (bitmap, 0, mask, BITS (mask)); + rv = snat_set_workers (bitmap); + clib_bitmap_free (bitmap); + +send_reply: + REPLY_MACRO (VL_API_NAT_SET_WORKERS_REPLY); +} + +static void * +vl_api_nat_set_workers_t_print (vl_api_nat_set_workers_t * mp, void *handle) +{ + u8 *s; + uword *bitmap = 0; + u8 first = 1; + int i; + u64 mask = clib_net_to_host_u64 (mp->worker_mask); + + s = format (0, "SCRIPT: nat_set_workers "); + bitmap = clib_bitmap_set_multiple (bitmap, 0, mask, BITS (mask)); + /* *INDENT-OFF* */ + clib_bitmap_foreach (i, bitmap, + ({ + if (first) + s = format (s, "%d", i); + else + s = format (s, ",%d", i); + first = 0; + })); + /* *INDENT-ON* */ + clib_bitmap_free (bitmap); + FINISH; +} + +static void +send_nat_worker_details (u32 worker_index, unix_shared_memory_queue_t * q, + u32 context) +{ + vl_api_nat_worker_details_t *rmp; + snat_main_t *sm = &snat_main; + vlib_worker_thread_t *w = + vlib_worker_threads + worker_index + sm->first_worker_index; + + rmp = vl_msg_api_alloc (sizeof (*rmp)); + memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = ntohs (VL_API_NAT_WORKER_DETAILS + sm->msg_id_base); + rmp->context = context; + rmp->worker_index = htonl (worker_index); + rmp->lcore_id = htonl (w->lcore_id); + strncpy ((char *) rmp->name, (char *) w->name, ARRAY_LEN (rmp->name) - 1); + + vl_msg_api_send_shmem (q, (u8 *) & rmp); +} + +static void +vl_api_nat_worker_dump_t_handler (vl_api_nat_worker_dump_t * mp) +{ + unix_shared_memory_queue_t *q; + snat_main_t *sm = &snat_main; + u32 *worker_index; + + q = vl_api_client_index_to_input_queue (mp->client_index); + if (q == 0) + return; + + /* *INDENT-OFF* */ + vec_foreach (worker_index, sm->workers) + send_nat_worker_details(*worker_index, q, mp->context); + /* *INDENT-ON* */ +} + +static void * +vl_api_nat_worker_dump_t_print (vl_api_nat_worker_dump_t * mp, void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat_worker_dump 
"); + + FINISH; +} + +static void +vl_api_nat_ipfix_enable_disable_t_handler (vl_api_nat_ipfix_enable_disable_t * + mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat_ipfix_enable_disable_reply_t *rmp; + int rv = 0; + + rv = snat_ipfix_logging_enable_disable (mp->enable, + clib_host_to_net_u32 + (mp->domain_id), + clib_host_to_net_u16 + (mp->src_port)); + + REPLY_MACRO (VL_API_NAT_IPFIX_ENABLE_DISABLE_REPLY); +} + +static void * +vl_api_nat_ipfix_enable_disable_t_print (vl_api_nat_ipfix_enable_disable_t * + mp, void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat_ipfix_enable_disable "); + if (mp->domain_id) + s = format (s, "domain %d ", clib_net_to_host_u32 (mp->domain_id)); + if (mp->src_port) + s = format (s, "src_port %d ", clib_net_to_host_u16 (mp->src_port)); + if (!mp->enable) + s = format (s, "disable "); + + FINISH; +} + +/*************/ +/*** NAT44 ***/ +/*************/ +static void + vl_api_nat44_add_del_address_range_t_handler + (vl_api_nat44_add_del_address_range_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat44_add_del_address_range_reply_t *rmp; + ip4_address_t this_addr; + u32 start_host_order, end_host_order; + u32 vrf_id; + int i, count; + int rv = 0; + u32 *tmp; + + if (sm->static_mapping_only) + { + rv = VNET_API_ERROR_FEATURE_DISABLED; + goto send_reply; + } + + tmp = (u32 *) mp->first_ip_address; + start_host_order = clib_host_to_net_u32 (tmp[0]); + tmp = (u32 *) mp->last_ip_address; + end_host_order = clib_host_to_net_u32 (tmp[0]); + + count = (end_host_order - start_host_order) + 1; + + vrf_id = clib_host_to_net_u32 (mp->vrf_id); + + if (count > 1024) + clib_warning ("%U - %U, %d addresses...", + format_ip4_address, mp->first_ip_address, + format_ip4_address, mp->last_ip_address, count); + + memcpy (&this_addr.as_u8, mp->first_ip_address, 4); + + for (i = 0; i < count; i++) + { + if (mp->is_add) + snat_add_address (sm, &this_addr, vrf_id); + else + rv = snat_del_address (sm, this_addr, 0); + + if (rv) + goto send_reply; + + 
increment_v4_address (&this_addr); + } + +send_reply: + REPLY_MACRO (VL_API_NAT44_ADD_DEL_ADDRESS_RANGE_REPLY); +} + +static void *vl_api_nat44_add_del_address_range_t_print + (vl_api_nat44_add_del_address_range_t * mp, void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat44_add_address_range "); + s = format (s, "%U ", format_ip4_address, mp->first_ip_address); + if (memcmp (mp->first_ip_address, mp->last_ip_address, 4)) + { + s = format (s, " - %U ", format_ip4_address, mp->last_ip_address); + } + FINISH; +} + +static void +send_nat44_address_details (snat_address_t * a, + unix_shared_memory_queue_t * q, u32 context) +{ + vl_api_nat44_address_details_t *rmp; + snat_main_t *sm = &snat_main; + + rmp = vl_msg_api_alloc (sizeof (*rmp)); + memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = ntohs (VL_API_NAT44_ADDRESS_DETAILS + sm->msg_id_base); + clib_memcpy (rmp->ip_address, &(a->addr), 4); + if (a->fib_index != ~0) + { + fib_table_t *fib = fib_table_get (a->fib_index, FIB_PROTOCOL_IP4); + rmp->vrf_id = ntohl (fib->ft_table_id); + } + else + rmp->vrf_id = ~0; + rmp->context = context; + + vl_msg_api_send_shmem (q, (u8 *) & rmp); +} + +static void +vl_api_nat44_address_dump_t_handler (vl_api_nat44_address_dump_t * mp) +{ + unix_shared_memory_queue_t *q; + snat_main_t *sm = &snat_main; + snat_address_t *a; + + q = vl_api_client_index_to_input_queue (mp->client_index); + if (q == 0) + return; + + /* *INDENT-OFF* */ + vec_foreach (a, sm->addresses) + send_nat44_address_details (a, q, mp->context); + /* *INDENT-ON* */ +} + +static void * +vl_api_nat44_address_dump_t_print (vl_api_nat44_address_dump_t * mp, + void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat44_address_dump "); + + FINISH; +} + +static void + vl_api_nat44_interface_add_del_feature_t_handler + (vl_api_nat44_interface_add_del_feature_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat44_interface_add_del_feature_reply_t *rmp; + u8 is_del = mp->is_add == 0; + u32 sw_if_index = ntohl 
(mp->sw_if_index); + int rv = 0; + + VALIDATE_SW_IF_INDEX (mp); + + rv = snat_interface_add_del (sw_if_index, mp->is_inside, is_del); + + BAD_SW_IF_INDEX_LABEL; + + REPLY_MACRO (VL_API_NAT44_INTERFACE_ADD_DEL_FEATURE_REPLY); +} + +static void *vl_api_nat44_interface_add_del_feature_t_print + (vl_api_nat44_interface_add_del_feature_t * mp, void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat44_interface_add_del_feature "); + s = format (s, "sw_if_index %d %s %s", + clib_host_to_net_u32 (mp->sw_if_index), + mp->is_inside ? "in" : "out", mp->is_add ? "" : "del"); + + FINISH; +} + +static void +send_nat44_interface_details (snat_interface_t * i, + unix_shared_memory_queue_t * q, u32 context) +{ + vl_api_nat44_interface_details_t *rmp; + snat_main_t *sm = &snat_main; + + rmp = vl_msg_api_alloc (sizeof (*rmp)); + memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = ntohs (VL_API_NAT44_INTERFACE_DETAILS + sm->msg_id_base); + rmp->sw_if_index = ntohl (i->sw_if_index); + rmp->is_inside = i->is_inside; + rmp->context = context; + + vl_msg_api_send_shmem (q, (u8 *) & rmp); +} + +static void +vl_api_nat44_interface_dump_t_handler (vl_api_nat44_interface_dump_t * mp) +{ + unix_shared_memory_queue_t *q; + snat_main_t *sm = &snat_main; + snat_interface_t *i; + + q = vl_api_client_index_to_input_queue (mp->client_index); + if (q == 0) + return; + + /* *INDENT-OFF* */ + pool_foreach (i, sm->interfaces, + ({ + send_nat44_interface_details(i, q, mp->context); + })); + /* *INDENT-ON* */ +} + +static void * +vl_api_nat44_interface_dump_t_print (vl_api_nat44_interface_dump_t * mp, + void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat44_interface_dump "); + + FINISH; +} + +static void + vl_api_nat44_interface_add_del_output_feature_t_handler + (vl_api_nat44_interface_add_del_output_feature_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat44_interface_add_del_output_feature_reply_t *rmp; + u8 is_del = mp->is_add == 0; + u32 sw_if_index = ntohl (mp->sw_if_index); + int rv = 
0; + + VALIDATE_SW_IF_INDEX (mp); + + rv = snat_interface_add_del_output_feature (sw_if_index, mp->is_inside, + is_del); + + BAD_SW_IF_INDEX_LABEL; + + REPLY_MACRO (VL_API_NAT44_INTERFACE_ADD_DEL_OUTPUT_FEATURE_REPLY); +} + +static void *vl_api_nat44_interface_add_del_output_feature_t_print + (vl_api_nat44_interface_add_del_output_feature_t * mp, void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat44_interface_add_del_output_feature "); + s = format (s, "sw_if_index %d %s %s", + clib_host_to_net_u32 (mp->sw_if_index), + mp->is_inside ? "in" : "out", mp->is_add ? "" : "del"); + + FINISH; +} + +static void +send_nat44_interface_output_feature_details (snat_interface_t * i, + unix_shared_memory_queue_t * q, + u32 context) +{ + vl_api_nat44_interface_output_feature_details_t *rmp; + snat_main_t *sm = &snat_main; + + rmp = vl_msg_api_alloc (sizeof (*rmp)); + memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = + ntohs (VL_API_NAT44_INTERFACE_OUTPUT_FEATURE_DETAILS + sm->msg_id_base); + rmp->sw_if_index = ntohl (i->sw_if_index); + rmp->context = context; + rmp->is_inside = i->is_inside; + + vl_msg_api_send_shmem (q, (u8 *) & rmp); +} + +static void + vl_api_nat44_interface_output_feature_dump_t_handler + (vl_api_nat44_interface_output_feature_dump_t * mp) +{ + unix_shared_memory_queue_t *q; + snat_main_t *sm = &snat_main; + snat_interface_t *i; + + q = vl_api_client_index_to_input_queue (mp->client_index); + if (q == 0) + return; + + /* *INDENT-OFF* */ + pool_foreach (i, sm->output_feature_interfaces, + ({ + send_nat44_interface_output_feature_details(i, q, mp->context); + })); + /* *INDENT-ON* */ +} + +static void *vl_api_nat44_interface_output_feature_dump_t_print + (vl_api_nat44_interface_output_feature_dump_t * mp, void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat44_interface_output_feature_dump "); + + FINISH; +} + +static void + vl_api_nat44_add_del_static_mapping_t_handler + (vl_api_nat44_add_del_static_mapping_t * mp) +{ + snat_main_t *sm = 
&snat_main; + vl_api_nat44_add_del_static_mapping_reply_t *rmp; + ip4_address_t local_addr, external_addr; + u16 local_port = 0, external_port = 0; + u32 vrf_id, external_sw_if_index; + int rv = 0; + snat_protocol_t proto; + + memcpy (&local_addr.as_u8, mp->local_ip_address, 4); + memcpy (&external_addr.as_u8, mp->external_ip_address, 4); + if (mp->addr_only == 0) + { + local_port = clib_net_to_host_u16 (mp->local_port); + external_port = clib_net_to_host_u16 (mp->external_port); + } + vrf_id = clib_net_to_host_u32 (mp->vrf_id); + external_sw_if_index = clib_net_to_host_u32 (mp->external_sw_if_index); + proto = ip_proto_to_snat_proto (mp->protocol); + + rv = snat_add_static_mapping (local_addr, external_addr, local_port, + external_port, vrf_id, mp->addr_only, + external_sw_if_index, proto, mp->is_add); + + REPLY_MACRO (VL_API_NAT44_ADD_DEL_STATIC_MAPPING_REPLY); +} + +static void *vl_api_nat44_add_del_static_mapping_t_print + (vl_api_nat44_add_del_static_mapping_t * mp, void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat44_add_del_static_mapping "); + s = format (s, "protocol %d local_addr %U external_addr %U ", + mp->protocol, + format_ip4_address, mp->local_ip_address, + format_ip4_address, mp->external_ip_address); + + if (mp->addr_only == 0) + s = format (s, "local_port %d external_port %d ", + clib_net_to_host_u16 (mp->local_port), + clib_net_to_host_u16 (mp->external_port)); + + if (mp->vrf_id != ~0) + s = format (s, "vrf %d", clib_net_to_host_u32 (mp->vrf_id)); + + if (mp->external_sw_if_index != ~0) + s = format (s, "external_sw_if_index %d", + clib_net_to_host_u32 (mp->external_sw_if_index)); + FINISH; +} + +static void +send_nat44_static_mapping_details (snat_static_mapping_t * m, + unix_shared_memory_queue_t * q, + u32 context) +{ + vl_api_nat44_static_mapping_details_t *rmp; + snat_main_t *sm = &snat_main; + + rmp = vl_msg_api_alloc (sizeof (*rmp)); + memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = + ntohs (VL_API_NAT44_STATIC_MAPPING_DETAILS 
+ sm->msg_id_base); + rmp->addr_only = m->addr_only; + clib_memcpy (rmp->local_ip_address, &(m->local_addr), 4); + clib_memcpy (rmp->external_ip_address, &(m->external_addr), 4); + rmp->local_port = htons (m->local_port); + rmp->external_port = htons (m->external_port); + rmp->external_sw_if_index = ~0; + rmp->vrf_id = htonl (m->vrf_id); + rmp->protocol = snat_proto_to_ip_proto (m->proto); + rmp->context = context; + + vl_msg_api_send_shmem (q, (u8 *) & rmp); +} + +static void +send_nat44_static_map_resolve_details (snat_static_map_resolve_t * m, + unix_shared_memory_queue_t * q, + u32 context) +{ + vl_api_nat44_static_mapping_details_t *rmp; + snat_main_t *sm = &snat_main; + + rmp = vl_msg_api_alloc (sizeof (*rmp)); + memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = + ntohs (VL_API_NAT44_STATIC_MAPPING_DETAILS + sm->msg_id_base); + rmp->addr_only = m->addr_only; + clib_memcpy (rmp->local_ip_address, &(m->l_addr), 4); + rmp->local_port = htons (m->l_port); + rmp->external_port = htons (m->e_port); + rmp->external_sw_if_index = htonl (m->sw_if_index); + rmp->vrf_id = htonl (m->vrf_id); + rmp->protocol = snat_proto_to_ip_proto (m->proto); + rmp->context = context; + + vl_msg_api_send_shmem (q, (u8 *) & rmp); +} + +static void +vl_api_nat44_static_mapping_dump_t_handler (vl_api_nat44_static_mapping_dump_t + * mp) +{ + unix_shared_memory_queue_t *q; + snat_main_t *sm = &snat_main; + snat_static_mapping_t *m; + snat_static_map_resolve_t *rp; + int j; + + q = vl_api_client_index_to_input_queue (mp->client_index); + if (q == 0) + return; + + /* *INDENT-OFF* */ + pool_foreach (m, sm->static_mappings, + ({ + send_nat44_static_mapping_details (m, q, mp->context); + })); + /* *INDENT-ON* */ + + for (j = 0; j < vec_len (sm->to_resolve); j++) + { + rp = sm->to_resolve + j; + send_nat44_static_map_resolve_details (rp, q, mp->context); + } +} + +static void * +vl_api_nat44_static_mapping_dump_t_print (vl_api_nat44_static_mapping_dump_t * + mp, void *handle) +{ + u8 *s; + + s = 
format (0, "SCRIPT: nat44_static_mapping_dump "); + + FINISH; +} + +static void + vl_api_nat44_add_del_interface_addr_t_handler + (vl_api_nat44_add_del_interface_addr_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat44_add_del_interface_addr_reply_t *rmp; + u8 is_del = mp->is_add == 0; + u32 sw_if_index = ntohl (mp->sw_if_index); + int rv = 0; + + VALIDATE_SW_IF_INDEX (mp); + + rv = snat_add_interface_address (sm, sw_if_index, is_del); + + BAD_SW_IF_INDEX_LABEL; + + REPLY_MACRO (VL_API_NAT44_ADD_DEL_INTERFACE_ADDR_REPLY); +} + +static void *vl_api_nat44_add_del_interface_addr_t_print + (vl_api_nat44_add_del_interface_addr_t * mp, void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat44_add_del_interface_addr "); + s = format (s, "sw_if_index %d %s", + clib_host_to_net_u32 (mp->sw_if_index), + mp->is_add ? "" : "del"); + + FINISH; +} + +static void +send_nat44_interface_addr_details (u32 sw_if_index, + unix_shared_memory_queue_t * q, + u32 context) +{ + vl_api_nat44_interface_addr_details_t *rmp; + snat_main_t *sm = &snat_main; + + rmp = vl_msg_api_alloc (sizeof (*rmp)); + memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = + ntohs (VL_API_NAT44_INTERFACE_ADDR_DETAILS + sm->msg_id_base); + rmp->sw_if_index = ntohl (sw_if_index); + rmp->context = context; + + vl_msg_api_send_shmem (q, (u8 *) & rmp); +} + +static void +vl_api_nat44_interface_addr_dump_t_handler (vl_api_nat44_interface_addr_dump_t + * mp) +{ + unix_shared_memory_queue_t *q; + snat_main_t *sm = &snat_main; + u32 *i; + + q = vl_api_client_index_to_input_queue (mp->client_index); + if (q == 0) + return; + + /* *INDENT-OFF* */ + vec_foreach (i, sm->auto_add_sw_if_indices) + send_nat44_interface_addr_details(*i, q, mp->context); + /* *INDENT-ON* */ +} + +static void * +vl_api_nat44_interface_addr_dump_t_print (vl_api_nat44_interface_addr_dump_t * + mp, void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat44_interface_addr_dump "); + + FINISH; +} + +static void +send_nat44_user_details 
(snat_user_t * u, unix_shared_memory_queue_t * q, + u32 context) +{ + vl_api_nat44_user_details_t *rmp; + snat_main_t *sm = &snat_main; + fib_table_t *fib = fib_table_get (u->fib_index, FIB_PROTOCOL_IP4); + + rmp = vl_msg_api_alloc (sizeof (*rmp)); + memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = ntohs (VL_API_NAT44_USER_DETAILS + sm->msg_id_base); + + rmp->vrf_id = ntohl (fib->ft_table_id); + + clib_memcpy (rmp->ip_address, &(u->addr), 4); + rmp->nsessions = ntohl (u->nsessions); + rmp->nstaticsessions = ntohl (u->nstaticsessions); + rmp->context = context; + + vl_msg_api_send_shmem (q, (u8 *) & rmp); +} + +static void +vl_api_nat44_user_dump_t_handler (vl_api_nat44_user_dump_t * mp) +{ + unix_shared_memory_queue_t *q; + snat_main_t *sm = &snat_main; + snat_main_per_thread_data_t *tsm; + snat_user_t *u; + + q = vl_api_client_index_to_input_queue (mp->client_index); + if (q == 0) + return; + + /* *INDENT-OFF* */ + vec_foreach (tsm, sm->per_thread_data) + vec_foreach (u, tsm->users) + send_nat44_user_details (u, q, mp->context); + /* *INDENT-ON* */ +} + +static void * +vl_api_nat44_user_dump_t_print (vl_api_nat44_user_dump_t * mp, void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat44_user_dump "); + + FINISH; +} + +static void +send_nat44_user_session_details (snat_session_t * s, + unix_shared_memory_queue_t * q, u32 context) +{ + vl_api_nat44_user_session_details_t *rmp; + snat_main_t *sm = &snat_main; + + rmp = vl_msg_api_alloc (sizeof (*rmp)); + memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = + ntohs (VL_API_NAT44_USER_SESSION_DETAILS + sm->msg_id_base); + clib_memcpy (rmp->outside_ip_address, (&s->out2in.addr), 4); + clib_memcpy (rmp->inside_ip_address, (&s->in2out.addr), 4); + rmp->is_static = s->flags & SNAT_SESSION_FLAG_STATIC_MAPPING ? 
1 : 0;
+ rmp->last_heard = clib_host_to_net_u64 ((u64) s->last_heard);
+ rmp->total_bytes = clib_host_to_net_u64 (s->total_bytes);
+ rmp->total_pkts = ntohl (s->total_pkts);
+ rmp->context = context;
+ if (snat_is_unk_proto_session (s))
+ {
+ rmp->outside_port = 0;
+ rmp->inside_port = 0;
+ rmp->protocol = ntohs (s->in2out.port);
+ }
+ else
+ {
+ rmp->outside_port = s->out2in.port;
+ rmp->inside_port = s->in2out.port;
+ rmp->protocol = ntohs (snat_proto_to_ip_proto (s->in2out.protocol));
+ }
+
+ vl_msg_api_send_shmem (q, (u8 *) & rmp);
+}
+
+static void
+vl_api_nat44_user_session_dump_t_handler (vl_api_nat44_user_session_dump_t *
+ mp)
+{
+ unix_shared_memory_queue_t *q;
+ snat_main_t *sm = &snat_main;
+ snat_main_per_thread_data_t *tsm;
+ snat_session_t *s;
+ clib_bihash_kv_8_8_t key, value;
+ snat_user_key_t ukey;
+ snat_user_t *u;
+ u32 session_index, head_index, elt_index;
+ dlist_elt_t *head, *elt;
+
+ q = vl_api_client_index_to_input_queue (mp->client_index);
+ if (q == 0)
+ return;
+
+ clib_memcpy (&ukey.addr, mp->ip_address, 4);
+ ukey.fib_index = fib_table_find (FIB_PROTOCOL_IP4, ntohl (mp->vrf_id));
+ key.key = ukey.as_u64;
+ if (!clib_bihash_search_8_8 (&sm->worker_by_in, &key, &value))
+ tsm = vec_elt_at_index (sm->per_thread_data, value.value);
+ else
+ tsm = vec_elt_at_index (sm->per_thread_data, sm->num_workers);
+ if (clib_bihash_search_8_8 (&sm->user_hash, &key, &value))
+ return;
+ u = pool_elt_at_index (tsm->users, value.value);
+ if (!u->nsessions && !u->nstaticsessions)
+ return;
+
+ head_index = u->sessions_per_user_list_head_index;
+ head = pool_elt_at_index (tsm->list_pool, head_index);
+ elt_index = head->next;
+ elt = pool_elt_at_index (tsm->list_pool, elt_index);
+ session_index = elt->value;
+ while (session_index != ~0)
+ {
+ s = pool_elt_at_index (tsm->sessions, session_index);
+
+ send_nat44_user_session_details (s, q, mp->context);
+
+ elt_index = elt->next;
+ elt = pool_elt_at_index (tsm->list_pool, elt_index);
+ session_index = 
elt->value;
+ }
+}
+
+static void *
+vl_api_nat44_user_session_dump_t_print (vl_api_nat44_user_session_dump_t * mp,
+ void *handle)
+{
+ u8 *s;
+
+ s = format (0, "SCRIPT: nat44_user_session_dump ");
+ s = format (s, "ip_address %U vrf_id %d\n",
+ format_ip4_address, mp->ip_address,
+ clib_net_to_host_u32 (mp->vrf_id));
+
+ FINISH;
+}
+
+/*******************************/
+/*** Deterministic NAT (CGN) ***/
+/*******************************/
+
+static void
+vl_api_nat_det_add_del_map_t_handler (vl_api_nat_det_add_del_map_t * mp)
+{
+ snat_main_t *sm = &snat_main;
+ vl_api_nat_det_add_del_map_reply_t *rmp;
+ int rv = 0;
+ ip4_address_t in_addr, out_addr;
+
+ if (!mp->is_nat44)
+ {
+ rv = VNET_API_ERROR_UNIMPLEMENTED;
+ goto send_reply;
+ }
+
+ clib_memcpy (&in_addr, mp->in_addr, 4);
+ clib_memcpy (&out_addr, mp->out_addr, 4);
+ rv = snat_det_add_map (sm, &in_addr, mp->in_plen, &out_addr,
+ mp->out_plen, mp->is_add);
+
+send_reply:
+ REPLY_MACRO (VL_API_NAT_DET_ADD_DEL_MAP_REPLY);
+}
+
+static void *
+vl_api_nat_det_add_del_map_t_print (vl_api_nat_det_add_del_map_t * mp,
+ void *handle)
+{
+ u8 *s;
+
+ s = format (0, "SCRIPT: nat_det_add_del_map ");
+ s = format (s, "inside address %U/%d outside address %U/%d\n",
+ format_ip4_address, mp->in_addr, mp->in_plen,
+ format_ip4_address, mp->out_addr, mp->out_plen);
+
+ FINISH;
+}
+
+static void
+vl_api_nat_det_forward_t_handler (vl_api_nat_det_forward_t * mp)
+{
+ snat_main_t *sm = &snat_main;
+ vl_api_nat_det_forward_reply_t *rmp;
+ int rv = 0;
+ u16 lo_port = 0, hi_port = 0;
+ snat_det_map_t *dm;
+ ip4_address_t in_addr, out_addr;
+
+ if (!mp->is_nat44)
+ {
+ out_addr.as_u32 = 0;
+ rv = VNET_API_ERROR_UNIMPLEMENTED;
+ goto send_reply;
+ }
+
+ out_addr.as_u32 = 0;
+ clib_memcpy (&in_addr, mp->in_addr, 4);
+ dm = snat_det_map_by_user (sm, &in_addr);
+ if (!dm)
+ {
+ rv = VNET_API_ERROR_NO_SUCH_ENTRY;
+ goto send_reply;
+ }
+
+ snat_det_forward (dm, &in_addr, &out_addr, &lo_port);
+ hi_port = lo_port + dm->ports_per_host - 
1;
+
+send_reply:
+ /* *INDENT-OFF* */
+ REPLY_MACRO2 (VL_API_NAT_DET_FORWARD_REPLY,
+ ({
+ rmp->out_port_lo = ntohs (lo_port);
+ rmp->out_port_hi = ntohs (hi_port);
+ clib_memcpy (rmp->out_addr, &out_addr, 4);
+ }))
+ /* *INDENT-ON* */
+}
+
+static void *
+vl_api_nat_det_forward_t_print (vl_api_nat_det_forward_t * mp, void *handle)
+{
+ u8 *s;
+
+ s = format (0, "SCRIPT: nat_det_forward");
+ s = format (s, "inside ip address %U\n", format_ip4_address, mp->in_addr);
+
+ FINISH;
+}
+
+static void
+vl_api_nat_det_reverse_t_handler (vl_api_nat_det_reverse_t * mp)
+{
+ snat_main_t *sm = &snat_main;
+ vl_api_nat_det_reverse_reply_t *rmp;
+ int rv = 0;
+ ip4_address_t out_addr, in_addr;
+ snat_det_map_t *dm;
+
+ in_addr.as_u32 = 0;
+ clib_memcpy (&out_addr, mp->out_addr, 4);
+ dm = snat_det_map_by_out (sm, &out_addr);
+ if (!dm)
+ {
+ rv = VNET_API_ERROR_NO_SUCH_ENTRY;
+ goto send_reply;
+ }
+
+ snat_det_reverse (dm, &out_addr, htons (mp->out_port), &in_addr);
+
+send_reply:
+ /* *INDENT-OFF* */
+ REPLY_MACRO2 (VL_API_NAT_DET_REVERSE_REPLY,
+ ({
+ rmp->is_nat44 = 1;
+ memset (rmp->in_addr, 0, 16);
+ clib_memcpy (rmp->in_addr, &in_addr, 4);
+ }))
+ /* *INDENT-ON* */
+}
+
+static void *
+vl_api_nat_det_reverse_t_print (vl_api_nat_det_reverse_t * mp, void *handle)
+{
+ u8 *s;
+
+ s = format (0, "SCRIPT: nat_det_reverse");
+ s = format (s, "outside ip address %U outside port %d",
+ format_ip4_address, mp->out_addr, ntohs (mp->out_port));
+
+ FINISH;
+}
+
+static void
+sent_nat_det_map_details (snat_det_map_t * m, unix_shared_memory_queue_t * q,
+ u32 context)
+{
+ vl_api_nat_det_map_details_t *rmp;
+ snat_main_t *sm = &snat_main;
+
+ rmp = vl_msg_api_alloc (sizeof (*rmp));
+ memset (rmp, 0, sizeof (*rmp));
+ rmp->_vl_msg_id = ntohs (VL_API_NAT_DET_MAP_DETAILS + sm->msg_id_base);
+ rmp->is_nat44 = 1;
+ clib_memcpy (rmp->in_addr, &m->in_addr, 4);
+ rmp->in_plen = m->in_plen;
+ clib_memcpy (rmp->out_addr, &m->out_addr, 4);
+ rmp->out_plen = m->out_plen;
+ rmp->sharing_ratio = 
htonl (m->sharing_ratio);
+ rmp->ports_per_host = htons (m->ports_per_host);
+ rmp->ses_num = htonl (m->ses_num);
+ rmp->context = context;
+
+ vl_msg_api_send_shmem (q, (u8 *) & rmp);
+}
+
+static void
+vl_api_nat_det_map_dump_t_handler (vl_api_nat_det_map_dump_t * mp)
+{
+ unix_shared_memory_queue_t *q;
+ snat_main_t *sm = &snat_main;
+ snat_det_map_t *m;
+
+ q = vl_api_client_index_to_input_queue (mp->client_index);
+ if (q == 0)
+ return;
+
+ /* *INDENT-OFF* */
+ vec_foreach(m, sm->det_maps)
+ sent_nat_det_map_details(m, q, mp->context);
+ /* *INDENT-ON* */
+}
+
+static void *
+vl_api_nat_det_map_dump_t_print (vl_api_nat_det_map_dump_t * mp, void *handle)
+{
+ u8 *s;
+
+ s = format (0, "SCRIPT: nat_det_map_dump ");
+
+ FINISH;
+}
+
+static void
+vl_api_nat_det_set_timeouts_t_handler (vl_api_nat_det_set_timeouts_t * mp)
+{
+ snat_main_t *sm = &snat_main;
+ vl_api_nat_det_set_timeouts_reply_t *rmp;
+ int rv = 0;
+
+ sm->udp_timeout = ntohl (mp->udp);
+ sm->tcp_established_timeout = ntohl (mp->tcp_established);
+ sm->tcp_transitory_timeout = ntohl (mp->tcp_transitory);
+ sm->icmp_timeout = ntohl (mp->icmp);
+
+ REPLY_MACRO (VL_API_NAT_DET_SET_TIMEOUTS_REPLY);
+}
+
+static void *
+vl_api_nat_det_set_timeouts_t_print (vl_api_nat_det_set_timeouts_t * mp,
+ void *handle)
+{
+ u8 *s;
+
+ s = format (0, "SCRIPT: nat_det_set_timeouts ");
+ s = format (s, "udp %d tcp_established %d tcp_transitory %d icmp %d\n",
+ ntohl (mp->udp),
+ ntohl (mp->tcp_established),
+ ntohl (mp->tcp_transitory), ntohl (mp->icmp));
+
+ FINISH;
+}
+
+static void
+vl_api_nat_det_get_timeouts_t_handler (vl_api_nat_det_get_timeouts_t * mp)
+{
+ snat_main_t *sm = &snat_main;
+ vl_api_nat_det_get_timeouts_reply_t *rmp;
+ int rv = 0;
+
+ /* *INDENT-OFF* */
+ REPLY_MACRO2 (VL_API_NAT_DET_GET_TIMEOUTS_REPLY,
+ ({
+ rmp->udp = htonl (sm->udp_timeout);
+ rmp->tcp_established = htonl (sm->tcp_established_timeout);
+ rmp->tcp_transitory = htonl (sm->tcp_transitory_timeout);
+ rmp->icmp = htonl 
(sm->icmp_timeout);
+ }))
+ /* *INDENT-ON* */
+}
+
+static void *
+vl_api_nat_det_get_timeouts_t_print (vl_api_nat_det_get_timeouts_t * mp,
+ void *handle)
+{
+ u8 *s;
+
+ s = format (0, "SCRIPT: nat_det_get_timeouts");
+
+ FINISH;
+}
+
+static void
+vl_api_nat_det_close_session_out_t_handler (vl_api_nat_det_close_session_out_t
+ * mp)
+{
+ snat_main_t *sm = &snat_main;
+ vl_api_nat_det_close_session_out_reply_t *rmp;
+ ip4_address_t out_addr, ext_addr, in_addr;
+ snat_det_out_key_t key;
+ snat_det_map_t *dm;
+ snat_det_session_t *ses;
+ int rv = 0;
+
+ clib_memcpy (&out_addr, mp->out_addr, 4);
+ clib_memcpy (&ext_addr, mp->ext_addr, 4);
+
+ dm = snat_det_map_by_out (sm, &out_addr);
+ if (!dm)
+ {
+ rv = VNET_API_ERROR_NO_SUCH_ENTRY;
+ goto send_reply;
+ }
+ snat_det_reverse (dm, &ext_addr, ntohs (mp->out_port), &in_addr);
+ key.ext_host_addr = ext_addr;
+ key.ext_host_port = mp->ext_port;
+ key.out_port = mp->out_port;
+ ses = snat_det_get_ses_by_out (dm, &in_addr, key.as_u64);
+ if (!ses)
+ {
+ rv = VNET_API_ERROR_NO_SUCH_ENTRY;
+ goto send_reply;
+ }
+ snat_det_ses_close (dm, ses);
+
+send_reply:
+ REPLY_MACRO (VL_API_NAT_DET_CLOSE_SESSION_OUT_REPLY);
+}
+
+static void *
+vl_api_nat_det_close_session_out_t_print (vl_api_nat_det_close_session_out_t *
+ mp, void *handle)
+{
+ u8 *s;
+
+ s = format (0, "SCRIPT: nat_det_close_session_out ");
+ s = format (s, "out_addr %U out_port %d "
+ "ext_addr %U ext_port %d\n",
+ format_ip4_address, mp->out_addr, ntohs (mp->out_port),
+ format_ip4_address, mp->ext_addr, ntohs (mp->ext_port));
+
+ FINISH;
+}
+
+static void
+vl_api_nat_det_close_session_in_t_handler (vl_api_nat_det_close_session_in_t *
+ mp)
+{
+ snat_main_t *sm = &snat_main;
+ vl_api_nat_det_close_session_in_reply_t *rmp;
+ ip4_address_t in_addr, ext_addr;
+ snat_det_out_key_t key;
+ snat_det_map_t *dm;
+ snat_det_session_t *ses;
+ int rv = 0;
+
+ if (!mp->is_nat44)
+ {
+ rv = VNET_API_ERROR_UNIMPLEMENTED;
+ goto send_reply;
+ }
+
+ clib_memcpy (&in_addr, 
mp->in_addr, 4);
+ clib_memcpy (&ext_addr, mp->ext_addr, 4);
+
+ dm = snat_det_map_by_user (sm, &in_addr);
+ if (!dm)
+ {
+ rv = VNET_API_ERROR_NO_SUCH_ENTRY;
+ goto send_reply;
+ }
+ key.ext_host_addr = ext_addr;
+ key.ext_host_port = mp->ext_port;
+ ses = snat_det_find_ses_by_in (dm, &in_addr, mp->in_port, key);
+ if (!ses)
+ {
+ rv = VNET_API_ERROR_NO_SUCH_ENTRY;
+ goto send_reply;
+ }
+ snat_det_ses_close (dm, ses);
+
+send_reply:
+ REPLY_MACRO (VL_API_NAT_DET_CLOSE_SESSION_OUT_REPLY);
+}
+
+static void *
+vl_api_nat_det_close_session_in_t_print (vl_api_nat_det_close_session_in_t *
+ mp, void *handle)
+{
+ u8 *s;
+ s = format (0, "SCRIPT: nat_det_close_session_in ");
+ s = format (s, "in_addr %U in_port %d ext_addr %U ext_port %d\n",
+ format_ip4_address, mp->in_addr, ntohs (mp->in_port),
+ format_ip4_address, mp->ext_addr, ntohs (mp->ext_port));
+
+ FINISH;
+}
+
+static void
+send_nat_det_session_details (snat_det_session_t * s,
+ unix_shared_memory_queue_t * q, u32 context)
+{
+ vl_api_nat_det_session_details_t *rmp;
+ snat_main_t *sm = &snat_main;
+
+ rmp = vl_msg_api_alloc (sizeof (*rmp));
+ memset (rmp, 0, sizeof (*rmp));
+ rmp->_vl_msg_id = ntohs (VL_API_NAT_DET_SESSION_DETAILS + sm->msg_id_base);
+ rmp->in_port = s->in_port;
+ clib_memcpy (rmp->ext_addr, &s->out.ext_host_addr, 4);
+ rmp->ext_port = s->out.ext_host_port;
+ rmp->out_port = s->out.out_port;
+ rmp->state = s->state;
+ rmp->expire = ntohl (s->expire);
+ rmp->context = context;
+
+ vl_msg_api_send_shmem (q, (u8 *) & rmp);
+}
+
+static void
+vl_api_nat_det_session_dump_t_handler (vl_api_nat_det_session_dump_t * mp)
+{
+ unix_shared_memory_queue_t *q;
+ snat_main_t *sm = &snat_main;
+ ip4_address_t user_addr;
+ snat_det_map_t *dm;
+ snat_det_session_t *s, empty_ses;
+ u16 i;
+
+ q = vl_api_client_index_to_input_queue (mp->client_index);
+ if (q == 0)
+ return;
+ if (!mp->is_nat44)
+ return;
+
+ memset (&empty_ses, 0, sizeof (empty_ses));
+ clib_memcpy (&user_addr, mp->user_addr, 4);
+ dm = 
snat_det_map_by_user (sm, &user_addr);
+ if (!dm)
+ return;
+
+ s = dm->sessions + snat_det_user_ses_offset (&user_addr, dm->in_plen);
+ for (i = 0; i < SNAT_DET_SES_PER_USER; i++)
+ {
+ if (s->out.as_u64)
+ send_nat_det_session_details (s, q, mp->context);
+ s++;
+ }
+}
+
+static void *
+vl_api_nat_det_session_dump_t_print (vl_api_nat_det_session_dump_t * mp,
+ void *handle)
+{
+ u8 *s;
+
+ s = format (0, "SCRIPT: nat_det_session_dump ");
+ s = format (s, "user_addr %U\n", format_ip4_address, mp->user_addr);
+
+ FINISH;
+}
+
 /*************/
 /*** NAT64 ***/
 /*************/
@@ -1883,6 +3140,34 @@ _(SNAT_DET_GET_TIMEOUTS, snat_det_get_timeouts) \ _(SNAT_DET_CLOSE_SESSION_OUT, snat_det_close_session_out) \ _(SNAT_DET_CLOSE_SESSION_IN, snat_det_close_session_in) \ _(SNAT_DET_SESSION_DUMP, snat_det_session_dump) \ +_(NAT_CONTROL_PING, nat_control_ping) \ +_(NAT_SHOW_CONFIG, nat_show_config) \ +_(NAT_SET_WORKERS, nat_set_workers) \ +_(NAT_WORKER_DUMP, nat_worker_dump) \ +_(NAT_IPFIX_ENABLE_DISABLE, nat_ipfix_enable_disable) \ +_(NAT44_ADD_DEL_ADDRESS_RANGE, nat44_add_del_address_range) \ +_(NAT44_INTERFACE_ADD_DEL_FEATURE, nat44_interface_add_del_feature) \ +_(NAT44_ADD_DEL_STATIC_MAPPING, nat44_add_del_static_mapping) \ +_(NAT44_STATIC_MAPPING_DUMP, nat44_static_mapping_dump) \ +_(NAT44_ADDRESS_DUMP, nat44_address_dump) \ +_(NAT44_INTERFACE_DUMP, nat44_interface_dump) \ +_(NAT44_ADD_DEL_INTERFACE_ADDR, nat44_add_del_interface_addr) \ +_(NAT44_INTERFACE_ADDR_DUMP, nat44_interface_addr_dump) \ +_(NAT44_USER_DUMP, nat44_user_dump) \ +_(NAT44_USER_SESSION_DUMP, nat44_user_session_dump) \ +_(NAT44_INTERFACE_ADD_DEL_OUTPUT_FEATURE, \ + nat44_interface_add_del_output_feature) \ +_(NAT44_INTERFACE_OUTPUT_FEATURE_DUMP, \ + nat44_interface_output_feature_dump) \ +_(NAT_DET_ADD_DEL_MAP, nat_det_add_del_map) \ +_(NAT_DET_FORWARD, nat_det_forward) \ +_(NAT_DET_REVERSE, nat_det_reverse) \ +_(NAT_DET_MAP_DUMP, nat_det_map_dump) \ +_(NAT_DET_SET_TIMEOUTS, nat_det_set_timeouts) \ +_(NAT_DET_GET_TIMEOUTS, nat_det_get_timeouts) \ +_(NAT_DET_CLOSE_SESSION_OUT, nat_det_close_session_out) \ +_(NAT_DET_CLOSE_SESSION_IN, nat_det_close_session_in) \ +_(NAT_DET_SESSION_DUMP, nat_det_session_dump) \ _(NAT64_ADD_DEL_POOL_ADDR_RANGE, nat64_add_del_pool_addr_range) \ _(NAT64_POOL_ADDR_DUMP, nat64_pool_addr_dump) \ _(NAT64_ADD_DEL_INTERFACE, nat64_add_del_interface) \ @@ -1915,7 +3200,7 @@ snat_plugin_api_hookup (vlib_main_t * vm) } #define vl_msg_name_crc_list -#include <snat/snat_all_api_h.h> +#include <nat/nat_all_api_h.h> #undef vl_msg_name_crc_list static void 
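Review bot: The `_(NAT_DET_CLOSE_SESSION_IN, nat_det_close_session_in)` entry added to this list wires up `vl_api_nat_det_close_session_in_t_handler`, whose body (added earlier in this file's diff) ends with `REPLY_MACRO (VL_API_NAT_DET_CLOSE_SESSION_OUT_REPLY);`, so a client waiting on the close-session-in request gets a reply carrying the other message's id. That handler declares `rmp` as `vl_api_nat_det_close_session_in_reply_t`, so the last line should presumably read `REPLY_MACRO (VL_API_NAT_DET_CLOSE_SESSION_IN_REPLY);`. The `nat_det_close_session_out` handler registered just above it also passes `&ext_addr` to `snat_det_reverse`, where the `nat_det_reverse` handler passes `&out_addr`; this looks like a copy slip and should be confirmed against `snat_det_reverse`'s parameters, since resolving the wrong inside host would make the session lookup miss or match an unintended entry. Both handlers appear to be carried over from their `snat_` counterparts, so the same check is worth making on the old names that stay registered in this list.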
@@ -1923,7 +3208,7 @@ setup_message_id_table (snat_main_t * sm, api_main_t * am) { #define _(id,n,crc) \ vl_msg_api_add_msg_name_crc (am, #n "_" #crc, id + sm->msg_id_base); - foreach_vl_msg_name_crc_snat; + foreach_vl_msg_name_crc_nat; #undef _ } diff --git a/src/plugins/snat/snat_det.c b/src/plugins/nat/nat_det.c index 2d6fce85..3af6698c 100644 --- a/src/plugins/snat/snat_det.c +++ b/src/plugins/nat/nat_det.c @@ -19,7 +19,7 @@ * @brief deterministic NAT */ -#include <snat/snat_det.h> +#include <nat/nat_det.h> /** @@ -105,7 +105,7 @@ snat_det_add_map (snat_main_t * sm, ip4_address_t * in_addr, u8 in_plen, } /** - * @brief The 'snat-det-expire-walk' process's main loop. + * @brief The 'nat-det-expire-walk' process's main loop. * * Check expire time for active sessions. */ @@ -145,7 +145,7 @@ VLIB_REGISTER_NODE (snat_det_expire_walk_node, static) = { .function = snat_det_expire_walk_fn, .type = VLIB_NODE_TYPE_PROCESS, .name = - "snat-det-expire-walk", + "nat-det-expire-walk", }; /* *INDENT-ON* */ diff --git a/src/plugins/snat/snat_det.h b/src/plugins/nat/nat_det.h index f4fdb256..2ab7f27e 100644 --- a/src/plugins/snat/snat_det.h +++ b/src/plugins/nat/nat_det.h @@ -1,5 +1,5 @@ /* - * snat_det.h - deterministic nat definitions + * snat_det.h - deterministic NAT definitions * * Copyright (c) 2017 Cisco and/or its affiliates. * Licensed under the Apache License, Version 2.0 (the "License"); @@ -19,12 +19,12 @@ * @brief deterministic NAT definitions */ -#ifndef __included_snat_det_h__ -#define __included_snat_det_h__ +#ifndef __included_nat_det_h__ +#define __included_nat_det_h__ #include <vnet/ip/ip.h> -#include <snat/snat.h> -#include <snat/snat_ipfix_logging.h> +#include <nat/nat.h> +#include <nat/nat_ipfix_logging.h> #define SNAT_DET_SES_PER_USER 1000 @@ -185,7 +185,7 @@ snat_det_ses_close (snat_det_map_t * dm, snat_det_session_t * ses) } } -#endif /* __included_snat_det_h__ */ +#endif /* __included_nat_det_h__ */ /* * fd.io coding-style-patch-verification: ON 
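Review bot: The header comment in the first hunk of `nat_det.h` still names the old file: the changed line reads ` * snat_det.h - deterministic NAT definitions` although the file is now `src/plugins/nat/nat_det.h` and the include guard in the next hunk was renamed to `__included_nat_det_h__`. It should read ` * nat_det.h - deterministic NAT definitions`. The `nat_test.c` header further down has the same kind of slip, where the new line says ` * nat.c - skeleton vpp-api-test plug-in` for a file named `nat_test.c`.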
diff --git a/src/plugins/snat/snat_ipfix_logging.c b/src/plugins/nat/nat_ipfix_logging.c index c68dc540..0cc0f82a 100644 --- a/src/plugins/snat/snat_ipfix_logging.c +++ b/src/plugins/nat/nat_ipfix_logging.c @@ -1,5 +1,5 @@ /* - * snat_ipfix_logging.c - NAT Events IPFIX logging + * nat_ipfix_logging.c - NAT Events IPFIX logging * * Copyright (c) 2016 Cisco and/or its affiliates. * Licensed under the Apache License, Version 2.0 (the "License"); @@ -17,8 +17,8 @@ #include <vnet/flow/flow_report.h> #include <vlibmemory/api.h> -#include <snat/snat.h> -#include <snat/snat_ipfix_logging.h> +#include <nat/nat.h> +#include <nat/nat_ipfix_logging.h> snat_ipfix_logging_main_t snat_ipfix_logging_main; @@ -610,7 +610,7 @@ snat_ipfix_logging_nat44_ses_rpc_cb (snat_ipfix_logging_nat44_ses_args_t *a) * * @param src_ip source IPv4 address * @param nat_src_ip transaltes source IPv4 address - * @param snat_proto SNAT transport protocol + * @param snat_proto NAT transport protocol * @param src_port source port * @param nat_src_port translated source port * @param vrf_id VRF ID @@ -642,7 +642,7 @@ snat_ipfix_logging_nat44_ses_create (u32 src_ip, * * @param src_ip source IPv4 address * @param nat_src_ip transaltes source IPv4 address - * @param snat_proto SNAT transport protocol + * @param snat_proto NAT transport protocol * @param src_port source port * @param nat_src_port translated source port * @param vrf_id VRF ID @@ -751,7 +751,7 @@ snat_data_callback_max_entries_per_usr (flow_report_main_t * frm, } /** - * @brief Enable/disable SNAT IPFIX logging + * @brief Enable/disable NAT plugin IPFIX logging * * @param enable 1 if enable, 0 if disable * @param domain_id observation domain ID @@ -818,7 +818,7 @@ snat_ipfix_logging_enable_disable (int enable, u32 domain_id, u16 src_port) } /** - * @brief Initialize SNAT IPFIX logging + * @brief Initialize NAT plugin IPFIX logging * * @param vm vlib main */ 
diff --git a/src/plugins/snat/snat_ipfix_logging.h b/src/plugins/nat/nat_ipfix_logging.h index 45c1a7bf..6dbf6627 100644 --- a/src/plugins/snat/snat_ipfix_logging.h +++ b/src/plugins/nat/nat_ipfix_logging.h @@ -1,5 +1,5 @@ /* - * snat_ipfix_logging.h - NAT Events IPFIX logging + * nat_ipfix_logging.h - NAT Events IPFIX logging * * Copyright (c) 2016 Cisco and/or its affiliates. * Licensed under the Apache License, Version 2.0 (the "License"); @@ -14,8 +14,8 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -#ifndef __included_snat_ipfix_logging_h__ -#define __included_snat_ipfix_logging_h__ +#ifndef __included_nat_ipfix_logging_h__ +#define __included_nat_ipfix_logging_h__ typedef enum { NAT_ADDRESSES_EXHAUTED = 3, @@ -30,7 +30,7 @@ typedef enum { } quota_exceed_event_t; typedef struct { - /** S-NAT IPFIX logging enabled */ + /** NAT plugin IPFIX logging enabled */ u8 enabled; /** ipfix buffers under construction */ @@ -76,4 +76,4 @@ void snat_ipfix_logging_nat44_ses_delete (u32 src_ip, u32 nat_src_ip, void snat_ipfix_logging_addresses_exhausted(u32 pool_id); void snat_ipfix_logging_max_entries_per_user(u32 src_ip); -#endif /* __included_snat_ipfix_logging_h__ */ +#endif /* __included_nat_ipfix_logging_h__ */ diff --git a/src/plugins/snat/snat_msg_enum.h b/src/plugins/nat/nat_msg_enum.h index 2c76fd51..710b631c 100644 --- a/src/plugins/snat/snat_msg_enum.h +++ b/src/plugins/nat/nat_msg_enum.h @@ -1,6 +1,6 @@ /* - * snat_msg_enum.h - skeleton vpp engine plug-in message enumeration + * nat_msg_enum.h - skeleton vpp engine plug-in message enumeration * * Copyright (c) <current-year> <your-organization> * Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -15,17 +15,17 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -#ifndef included_snat_msg_enum_h -#define included_snat_msg_enum_h +#ifndef included_nat_msg_enum_h +#define included_nat_msg_enum_h #include <vppinfra/byte_order.h> #define vl_msg_id(n,h) n, typedef enum { -#include <snat/snat_all_api_h.h> +#include <nat/nat_all_api_h.h> /* We'll want to know how many messages IDs we need... */ VL_MSG_FIRST_AVAILABLE, } vl_msg_id_t; #undef vl_msg_id -#endif /* included_snat_msg_enum_h */ +#endif /* included_nat_msg_enum_h */ diff --git a/src/plugins/snat/snat_test.c b/src/plugins/nat/nat_test.c index 905b8fac..b653b77e 100644 --- a/src/plugins/snat/snat_test.c +++ b/src/plugins/nat/nat_test.c @@ -1,6 +1,6 @@ /* - * snat.c - skeleton vpp-api-test plug-in + * nat.c - skeleton vpp-api-test plug-in * * Copyright (c) <current-year> <your-organization> * Licensed under the Apache License, Version 2.0 (the "License"); @@ -21,7 +21,7 @@ #include <vlibsocket/api.h> #include <vppinfra/error.h> #include <vnet/ip/ip.h> -#include <snat/snat.h> +#include <nat/nat.h> #define __plugin_msg_base snat_test_main.msg_id_base #include <vlibapi/vat_helper_macros.h> 
@@ -29,28 +29,28 @@ uword unformat_sw_if_index (unformat_input_t * input, va_list * args); /* Declare message IDs */ -#include <snat/snat_msg_enum.h> +#include <nat/nat_msg_enum.h> /* define message structures */ #define vl_typedefs -#include <snat/snat_all_api_h.h> +#include <nat/nat_all_api_h.h> #undef vl_typedefs /* declare message handlers for each api */ #define vl_endianfun /* define message structures */ -#include <snat/snat_all_api_h.h> +#include <nat/nat_all_api_h.h> #undef vl_endianfun /* instantiate all the print functions we know about */ #define vl_print(handle, ...) #define vl_printfun -#include <snat/snat_all_api_h.h> +#include <nat/nat_all_api_h.h> #undef vl_printfun /* Get the API version number. */ #define vl_api_version(n,v) static u32 api_version=(v); -#include <snat/snat_all_api_h.h> +#include <nat/nat_all_api_h.h> #undef vl_api_version typedef struct { diff --git a/src/plugins/snat/out2in.c b/src/plugins/nat/out2in.c index 329d67dc..67950066 100644 --- a/src/plugins/snat/out2in.c +++ b/src/plugins/nat/out2in.c @@ -22,9 +22,9 @@ #include <vnet/udp/udp.h> #include <vnet/ethernet/ethernet.h> #include <vnet/fib/ip4_fib.h> -#include <snat/snat.h> -#include <snat/snat_ipfix_logging.h> -#include <snat/snat_det.h> +#include <nat/nat.h> +#include <nat/nat_ipfix_logging.h> +#include <nat/nat_det.h> #include <vppinfra/hash.h> #include <vppinfra/error.h> @@ -47,8 +47,8 @@ static u8 * format_snat_out2in_trace (u8 * s, va_list * args) CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *); CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *); snat_out2in_trace_t * t = va_arg (*args, snat_out2in_trace_t *); - - s = format (s, "SNAT_OUT2IN: sw_if_index %d, next index %d, session index %d", + + s = format (s, "NAT44_OUT2IN: sw_if_index %d, next index %d, session index %d", t->sw_if_index, t->next_index, t->session_index); return s; } 
@@ -58,8 +58,8 @@ static u8 * format_snat_out2in_fast_trace (u8 * s, va_list * args) CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *); CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *); snat_out2in_trace_t * t = va_arg (*args, snat_out2in_trace_t *); - - s = format (s, "SNAT_OUT2IN_FAST: sw_if_index %d, next index %d", + + s = format (s, "NAT44_OUT2IN_FAST: sw_if_index %d, next index %d", t->sw_if_index, t->next_index); return s; } @@ -73,7 +73,7 @@ static u8 * format_snat_out2in_worker_handoff_trace (u8 * s, va_list * args) char * m; m = t->do_handoff ? "next worker" : "same worker"; - s = format (s, "SNAT_OUT2IN_WORKER_HANDOFF: %s %d", m, t->next_worker_index); + s = format (s, "NAT44_OUT2IN_WORKER_HANDOFF: %s %d", m, t->next_worker_index); return s; } @@ -88,7 +88,7 @@ _(UNSUPPORTED_PROTOCOL, "Unsupported protocol") \ _(OUT2IN_PACKETS, "Good out2in packets processed") \ _(BAD_ICMP_TYPE, "unsupported ICMP type") \ _(NO_TRANSLATION, "No translation") - + typedef enum { #define _(sym,str) SNAT_OUT2IN_ERROR_##sym, foreach_snat_out2in_error @@ -115,10 +115,10 @@ typedef enum { * Create NAT session initiated by host from external network with static * mapping. * - * @param sm SNAT main. + * @param sm NAT main. * @param b0 Vlib buffer. - * @param in2out In2out SNAT session key. - * @param out2in Out2in SNAT session key. + * @param in2out In2out NAT44 session key. + * @param out2in Out2in NAT44 session key. * @param node Vlib node. * * @returns SNAT session if successfully created otherwise 0. 
@@ -276,11 +276,11 @@ snat_out2in_error_t icmp_get_key(ip4_header_t *ip0, } /** - * Get address and port values to be used for packet SNAT translation + * Get address and port values to be used for ICMP packet translation * and create session if needed * - * @param[in,out] sm SNAT main - * @param[in,out] node SNAT node runtime + * @param[in,out] sm NAT main + * @param[in,out] node NAT node runtime * @param[in] thread_index thread index * @param[in,out] b0 buffer containing packet to be translated * @param[out] p_proto protocol used for matching @@ -387,10 +387,10 @@ out: } /** - * Get address and port values to be used for packet SNAT translation + * Get address and port values to be used for ICMP packet translation * - * @param[in] sm SNAT main - * @param[in,out] node SNAT node runtime + * @param[in] sm NAT main + * @param[in,out] node NAT node runtime * @param[in] thread_index thread index * @param[in,out] b0 buffer containing packet to be translated * @param[out] p_proto protocol used for matching @@ -793,14 +793,14 @@ snat_out2in_node_fn (vlib_main_t * vm, u32 proto0, proto1; snat_session_t * s0 = 0, * s1 = 0; clib_bihash_kv_8_8_t kv0, kv1, value0, value1; - + /* Prefetch next iteration. */ { vlib_buffer_t * p2, * p3; - + p2 = vlib_get_buffer (vm, from[2]); p3 = vlib_get_buffer (vm, from[3]); - + vlib_prefetch_buffer_header (p2, LOAD); vlib_prefetch_buffer_header (p3, LOAD); @@ -828,7 +828,7 @@ snat_out2in_node_fn (vlib_main_t * vm, icmp0 = (icmp46_header_t *) udp0; sw_if_index0 = vnet_buffer(b0)->sw_if_index[VLIB_RX]; - rx_fib_index0 = vec_elt (sm->ip4_main->fib_index_by_sw_if_index, + rx_fib_index0 = vec_elt (sm->ip4_main->fib_index_by_sw_if_index, sw_if_index0); if (PREDICT_FALSE(ip0->ttl == 1)) 
@@ -852,8 +852,8 @@ snat_out2in_node_fn (vlib_main_t * vm, if (PREDICT_FALSE (proto0 == SNAT_PROTOCOL_ICMP)) { - next0 = icmp_out2in_slow_path - (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node, + next0 = icmp_out2in_slow_path + (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node, next0, now, thread_index, &s0); goto trace0; } @@ -862,7 +862,7 @@ snat_out2in_node_fn (vlib_main_t * vm, key0.port = udp0->dst_port; key0.protocol = proto0; key0.fib_index = rx_fib_index0; - + kv0.key = key0.as_u64; if (clib_bihash_search_8_8 (&sm->out2in, &kv0, &value0)) @@ -872,12 +872,12 @@ snat_out2in_node_fn (vlib_main_t * vm, if (snat_static_mapping_match(sm, key0, &sm0, 1, 0)) { b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION]; - /* + /* * Send DHCP packets to the ipv4 stack, or we won't * be able to use dhcp client on the outside interface */ - if (proto0 != SNAT_PROTOCOL_UDP - || (udp0->dst_port + if (proto0 != SNAT_PROTOCOL_UDP + || (udp0->dst_port != clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client))) next0 = SNAT_OUT2IN_NEXT_DROP; goto trace0; @@ -946,10 +946,10 @@ snat_out2in_node_fn (vlib_main_t * vm, } trace0: - if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE) - && (b0->flags & VLIB_BUFFER_IS_TRACED))) + if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE) + && (b0->flags & VLIB_BUFFER_IS_TRACED))) { - snat_out2in_trace_t *t = + snat_out2in_trace_t *t = vlib_add_trace (vm, node, b0, sizeof (*t)); t->sw_if_index = sw_if_index0; t->next_index = next0; @@ -967,7 +967,7 @@ snat_out2in_node_fn (vlib_main_t * vm, icmp1 = (icmp46_header_t *) udp1; sw_if_index1 = vnet_buffer(b1)->sw_if_index[VLIB_RX]; - rx_fib_index1 = vec_elt (sm->ip4_main->fib_index_by_sw_if_index, + rx_fib_index1 = vec_elt (sm->ip4_main->fib_index_by_sw_if_index, sw_if_index1); if (PREDICT_FALSE(ip1->ttl == 1)) 
@@ -991,8 +991,8 @@ snat_out2in_node_fn (vlib_main_t * vm, if (PREDICT_FALSE (proto1 == SNAT_PROTOCOL_ICMP)) { - next1 = icmp_out2in_slow_path - (sm, b1, ip1, icmp1, sw_if_index1, rx_fib_index1, node, + next1 = icmp_out2in_slow_path + (sm, b1, ip1, icmp1, sw_if_index1, rx_fib_index1, node, next1, now, thread_index, &s1); goto trace1; } @@ -1001,7 +1001,7 @@ snat_out2in_node_fn (vlib_main_t * vm, key1.port = udp1->dst_port; key1.protocol = proto1; key1.fib_index = rx_fib_index1; - + kv1.key = key1.as_u64; if (clib_bihash_search_8_8 (&sm->out2in, &kv1, &value1)) @@ -1011,12 +1011,12 @@ snat_out2in_node_fn (vlib_main_t * vm, if (snat_static_mapping_match(sm, key1, &sm1, 1, 0)) { b1->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION]; - /* + /* * Send DHCP packets to the ipv4 stack, or we won't * be able to use dhcp client on the outside interface */ - if (proto1 != SNAT_PROTOCOL_UDP - || (udp1->dst_port + if (proto1 != SNAT_PROTOCOL_UDP + || (udp1->dst_port != clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client))) next1 = SNAT_OUT2IN_NEXT_DROP; goto trace1; @@ -1085,10 +1085,10 @@ snat_out2in_node_fn (vlib_main_t * vm, } trace1: - if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE) - && (b1->flags & VLIB_BUFFER_IS_TRACED))) + if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE) + && (b1->flags & VLIB_BUFFER_IS_TRACED))) { - snat_out2in_trace_t *t = + snat_out2in_trace_t *t = vlib_add_trace (vm, node, b1, sizeof (*t)); t->sw_if_index = sw_if_index1; t->next_index = next1; @@ -1123,7 +1123,7 @@ snat_out2in_node_fn (vlib_main_t * vm, u32 proto0; snat_session_t * s0 = 0; clib_bihash_kv_8_8_t kv0, value0; - + /* speculatively enqueue b0 to the current next frame */ bi0 = from[0]; to_next[0] = bi0; 
@@ -1142,7 +1142,7 @@ snat_out2in_node_fn (vlib_main_t * vm, icmp0 = (icmp46_header_t *) udp0; sw_if_index0 = vnet_buffer(b0)->sw_if_index[VLIB_RX]; - rx_fib_index0 = vec_elt (sm->ip4_main->fib_index_by_sw_if_index, + rx_fib_index0 = vec_elt (sm->ip4_main->fib_index_by_sw_if_index, sw_if_index0); proto0 = ip_proto_to_snat_proto (ip0->protocol); @@ -1166,8 +1166,8 @@ snat_out2in_node_fn (vlib_main_t * vm, if (PREDICT_FALSE (proto0 == SNAT_PROTOCOL_ICMP)) { - next0 = icmp_out2in_slow_path - (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node, + next0 = icmp_out2in_slow_path + (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node, next0, now, thread_index, &s0); goto trace00; } @@ -1176,7 +1176,7 @@ snat_out2in_node_fn (vlib_main_t * vm, key0.port = udp0->dst_port; key0.protocol = proto0; key0.fib_index = rx_fib_index0; - + kv0.key = key0.as_u64; if (clib_bihash_search_8_8 (&sm->out2in, &kv0, &value0)) @@ -1186,12 +1186,12 @@ snat_out2in_node_fn (vlib_main_t * vm, if (snat_static_mapping_match(sm, key0, &sm0, 1, 0)) { b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION]; - /* + /* * Send DHCP packets to the ipv4 stack, or we won't * be able to use dhcp client on the outside interface */ - if (proto0 != SNAT_PROTOCOL_UDP - || (udp0->dst_port + if (proto0 != SNAT_PROTOCOL_UDP + || (udp0->dst_port != clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client))) next0 = SNAT_OUT2IN_NEXT_DROP; @@ -1261,10 +1261,10 @@ snat_out2in_node_fn (vlib_main_t * vm, } trace00: - if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE) - && (b0->flags & VLIB_BUFFER_IS_TRACED))) + if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE) + && (b0->flags & VLIB_BUFFER_IS_TRACED))) { - snat_out2in_trace_t *t = + snat_out2in_trace_t *t = vlib_add_trace (vm, node, b0, sizeof (*t)); t->sw_if_index = sw_if_index0; t->next_index = next0; 
@@ -1284,24 +1284,24 @@ snat_out2in_node_fn (vlib_main_t * vm, vlib_put_next_frame (vm, node, next_index, n_left_to_next); } - vlib_node_increment_counter (vm, snat_out2in_node.index, - SNAT_OUT2IN_ERROR_OUT2IN_PACKETS, + vlib_node_increment_counter (vm, snat_out2in_node.index, + SNAT_OUT2IN_ERROR_OUT2IN_PACKETS, pkts_processed); return frame->n_vectors; } VLIB_REGISTER_NODE (snat_out2in_node) = { .function = snat_out2in_node_fn, - .name = "snat-out2in", + .name = "nat44-out2in", .vector_size = sizeof (u32), .format_trace = format_snat_out2in_trace, .type = VLIB_NODE_TYPE_INTERNAL, - + .n_errors = ARRAY_LEN(snat_out2in_error_strings), .error_strings = snat_out2in_error_strings, .runtime_data_bytes = sizeof (snat_runtime_t), - + .n_next_nodes = SNAT_OUT2IN_N_NEXT, /* edit / add dispositions here */ @@ -1779,7 +1779,7 @@ snat_det_out2in_node_fn (vlib_main_t * vm, VLIB_REGISTER_NODE (snat_det_out2in_node) = { .function = snat_det_out2in_node_fn, - .name = "snat-det-out2in", + .name = "nat44-det-out2in", .vector_size = sizeof (u32), .format_trace = format_snat_out2in_trace, .type = VLIB_NODE_TYPE_INTERNAL, @@ -1801,11 +1801,11 @@ VLIB_REGISTER_NODE (snat_det_out2in_node) = { VLIB_NODE_FUNCTION_MULTIARCH (snat_det_out2in_node, snat_det_out2in_node_fn); /** - * Get address and port values to be used for packet SNAT translation + * Get address and port values to be used for ICMP packet translation * and create session if needed * - * @param[in,out] sm SNAT main - * @param[in,out] node SNAT node runtime + * @param[in,out] sm NAT main + * @param[in,out] node NAT node runtime * @param[in] thread_index thread index * @param[in,out] b0 buffer containing packet to be translated * @param[out] p_proto protocol used for matching 
@@ -2089,11 +2089,11 @@ snat_out2in_worker_handoff_fn (vlib_main_t * vm, VLIB_REGISTER_NODE (snat_out2in_worker_handoff_node) = { .function = snat_out2in_worker_handoff_fn, - .name = "snat-out2in-worker-handoff", + .name = "nat44-out2in-worker-handoff", .vector_size = sizeof (u32), .format_trace = format_snat_out2in_worker_handoff_trace, .type = VLIB_NODE_TYPE_INTERNAL, - + .n_next_nodes = 1, .next_nodes = { @@ -2105,7 +2105,7 @@ VLIB_NODE_FUNCTION_MULTIARCH (snat_out2in_worker_handoff_node, snat_out2in_worke static uword snat_out2in_fast_node_fn (vlib_main_t * vm, - vlib_node_runtime_t * node, + vlib_node_runtime_t * node, vlib_frame_t * frame) { u32 n_left_from, * from, * to_next; @@ -2272,16 +2272,16 @@ snat_out2in_fast_node_fn (vlib_main_t * vm, VLIB_REGISTER_NODE (snat_out2in_fast_node) = { .function = snat_out2in_fast_node_fn, - .name = "snat-out2in-fast", + .name = "nat44-out2in-fast", .vector_size = sizeof (u32), .format_trace = format_snat_out2in_fast_trace, .type = VLIB_NODE_TYPE_INTERNAL, - + .n_errors = ARRAY_LEN(snat_out2in_error_strings), .error_strings = snat_out2in_error_strings, .runtime_data_bytes = sizeof (snat_runtime_t), - + .n_next_nodes = SNAT_OUT2IN_N_NEXT, /* edit / add dispositions here */ diff --git a/src/plugins/snat.am b/src/plugins/snat.am deleted file mode 100644 index 6b75f3d2..00000000 --- a/src/plugins/snat.am +++ /dev/null 
@@ -1,41 +0,0 @@ - -# Copyright (c) <current-year> <your-organization> -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at: -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -vppapitestplugins_LTLIBRARIES += snat_test_plugin.la -vppplugins_LTLIBRARIES += snat_plugin.la - -snat_plugin_la_SOURCES = snat/snat.c \ - snat/snat_api.c \ - snat/in2out.c \ - snat/out2in.c \ - snat/snat_plugin.api.h \ - snat/snat_ipfix_logging.c \ - snat/snat_det.c \ - snat/nat64.c \ - snat/nat64_cli.c \ - snat/nat64_in2out.c \ - snat/nat64_out2in.c \ - snat/nat64_db.c - -API_FILES += snat/snat.api - -nobase_apiinclude_HEADERS += \ - snat/snat_all_api_h.h \ - snat/snat_msg_enum.h \ - snat/snat.api.h - -snat_test_plugin_la_SOURCES = \ - snat/snat_test.c snat/snat_plugin.api.h - -# vi:syntax=automake diff --git a/src/scripts/vnet/snat b/src/scripts/vnet/nat44 index a711519e..3292b565 100644 --- a/src/scripts/vnet/snat +++ b/src/scripts/vnet/nat44 @@ -30,7 +30,7 @@ packet-generator new { } } -snat add address 172.16.1.3 +nat44 add address 172.16.1.3 set int ip address pg0 10.0.0.1/24 set int ip address pg1 172.16.1.1/24 set int state pg0 up @@ -38,4 +38,4 @@ set int state pg1 up set ip arp static pg0 10.0.0.3 abcd.abcd.abcd set ip arp static pg0 10.0.0.4 abcd.abcd.abcd set ip arp static pg1 172.16.1.2 cdef.abcd.abcd -set int snat in pg0 out pg1 +set int nat44 in pg0 out pg1 diff --git a/src/scripts/vnet/snat_det b/src/scripts/vnet/nat44_det index d1361bb1..629772e6 100644 --- a/src/scripts/vnet/snat_det +++ b/src/scripts/vnet/nat44_det 
@@ -96,7 +96,7 @@ packet-generator new { } } -snat deterministic add in 10.0.0.0/21 out 1.1.1.2/32 +nat44 deterministic add in 10.0.0.0/21 out 1.1.1.2/32 set int ip address pg0 10.0.0.1/24 set int ip address pg1 172.16.1.1/24 set int state pg0 up @@ -104,5 +104,5 @@ set int state pg1 up set ip arp static pg0 10.0.0.3 abcd.abcd.abcd set ip arp static pg0 10.0.0.4 abcd.abcd.abcd set ip arp static pg1 172.16.1.2 cdef.abcd.abcd -set int snat in pg0 out pg1 +set int nat44 in pg0 out pg1 trace add pg-input 10 diff --git a/src/scripts/vnet/snat_static b/src/scripts/vnet/nat44_static index 8fe48bff..2b8f25ec 100644 --- a/src/scripts/vnet/snat_static +++ b/src/scripts/vnet/nat44_static @@ -32,13 +32,13 @@ packet-generator new { } } -snat add address 172.16.1.3 -snat add static mapping local 10.0.0.3 external 172.16.1.3 +nat44 add address 172.16.1.3 +nat44 add static mapping local 10.0.0.3 external 172.16.1.3 set int ip address pg0 10.0.0.1/24 set int ip address pg1 172.16.1.1/24 set int state pg0 up set int state pg1 up set ip arp static pg0 10.0.0.3 abcd.abcd.abcd set ip arp static pg1 172.16.1.2 cdef.abcd.abcd -set int snat in pg0 out pg1 +set int nat44 in pg0 out pg1 trace add pg-input 10 diff --git a/src/scripts/vnet/snat_static_with_port b/src/scripts/vnet/nat44_static_with_port index f646145a..15bef1be 100644 --- a/src/scripts/vnet/snat_static_with_port +++ b/src/scripts/vnet/nat44_static_with_port @@ -32,13 +32,13 @@ packet-generator new { } } -snat add address 172.16.1.3 -snat add static mapping local 10.0.0.3 3000 external 172.16.1.3 3000 +nat44 add address 172.16.1.3 +nat44 add static mapping local 10.0.0.3 3000 external 172.16.1.3 3000 set int ip address pg0 10.0.0.1/24 set int ip address pg1 172.16.1.1/24 set int state pg0 up set int state pg1 up set ip arp static pg0 10.0.0.3 abcd.abcd.abcd set ip arp static pg1 172.16.1.2 cdef.abcd.abcd -set int snat in pg0 out pg1 +set int nat44 in pg0 out pg1 trace add pg-input 10 
diff --git a/src/vpp-api/java/Makefile.am b/src/vpp-api/java/Makefile.am index e0f5203d..637bb774 100644 --- a/src/vpp-api/java/Makefile.am +++ b/src/vpp-api/java/Makefile.am @@ -169,23 +169,23 @@ jvpp-pppoe/io_fd_vpp_jvpp_pppoe_JVppPppoeImpl.h: $(jvpp_registry_ok) $(jvpp_pppo endif # -# SNAT Plugin +# NAT Plugin # -if ENABLE_SNAT_PLUGIN -noinst_LTLIBRARIES += libjvpp_snat.la -libjvpp_snat_la_SOURCES = jvpp-snat/jvpp_snat.c -libjvpp_snat_la_CPPFLAGS = -Ijvpp-snat -libjvpp_snat_la_LIBADD = $(JVPP_LIBS) -libjvpp_snat_la_DEPENDENCIES = libjvpp_common.la +if ENABLE_NAT_PLUGIN +noinst_LTLIBRARIES += libjvpp_nat.la +libjvpp_nat_la_SOURCES = jvpp-nat/jvpp_nat.c +libjvpp_nat_la_CPPFLAGS = -Ijvpp-nat +libjvpp_nat_la_LIBADD = $(JVPP_LIBS) +libjvpp_nat_la_DEPENDENCIES = libjvpp_common.la -BUILT_SOURCES += jvpp-snat/io_fd_vpp_jvpp_snat_JVppSnatImpl.h -JAR_FILES += jvpp-snat-$(PACKAGE_VERSION).jar -CLEANDIRS += jvpp-snat/target +BUILT_SOURCES += jvpp-nat/io_fd_vpp_jvpp_nat_JVppNatImpl.h +JAR_FILES += jvpp-nat-$(PACKAGE_VERSION).jar +CLEANDIRS += jvpp-nat/target -jvpp_snat_json_files = @top_builddir@/plugins/snat/snat.api.json +jvpp_nat_json_files = @top_builddir@/plugins/nat/nat.api.json -jvpp-snat/io_fd_vpp_jvpp_snat_JVppSnatImpl.h: $(jvpp_registry_ok) $(jvpp_snat_json_files) - $(call japigen,snat,JVppSnatImpl) +jvpp-nat/io_fd_vpp_jvpp_nat_JVppNatImpl.h: $(jvpp_registry_ok) $(jvpp_nat_json_files) + $(call japigen,nat,JVppNatImpl) endif # diff --git a/src/vpp-api/java/jvpp-snat/io/fd/vpp/jvpp/snat/examples/CallbackApiExample.java b/src/vpp-api/java/jvpp-nat/io/fd/vpp/jvpp/nat/examples/CallbackApiExample.java index f4a2943f..e4d5cb33 100644 --- a/src/vpp-api/java/jvpp-snat/io/fd/vpp/jvpp/snat/examples/CallbackApiExample.java +++ b/src/vpp-api/java/jvpp-nat/io/fd/vpp/jvpp/nat/examples/CallbackApiExample.java 
@@ -14,24 +14,24 @@ * limitations under the License. */ -package io.fd.vpp.jvpp.snat.examples; +package io.fd.vpp.jvpp.nat.examples; import io.fd.vpp.jvpp.JVpp; import io.fd.vpp.jvpp.JVppRegistry; import io.fd.vpp.jvpp.JVppRegistryImpl; import io.fd.vpp.jvpp.VppCallbackException; -import io.fd.vpp.jvpp.snat.JVppSnatImpl; -import io.fd.vpp.jvpp.snat.callback.SnatInterfaceAddDelFeatureCallback; -import io.fd.vpp.jvpp.snat.dto.SnatInterfaceAddDelFeature; -import io.fd.vpp.jvpp.snat.dto.SnatInterfaceAddDelFeatureReply; +import io.fd.vpp.jvpp.nat.JVppNatImpl; +import io.fd.vpp.jvpp.nat.callback.Nat44InterfaceAddDelFeatureCallback; +import io.fd.vpp.jvpp.nat.dto.Nat44InterfaceAddDelFeature; +import io.fd.vpp.jvpp.nat.dto.Nat44InterfaceAddDelFeatureReply; public class CallbackApiExample { - static class TestCallback implements SnatInterfaceAddDelFeatureCallback { + static class TestCallback implements Nat44InterfaceAddDelFeatureCallback { @Override - public void onSnatInterfaceAddDelFeatureReply(final SnatInterfaceAddDelFeatureReply msg) { - System.out.printf("Received SnatInterfaceAddDelFeatureReply: context=%d%n", + public void onNat44InterfaceAddDelFeatureReply(final Nat44InterfaceAddDelFeatureReply msg) { + System.out.printf("Received Nat44InterfaceAddDelFeatureReply: context=%d%n", msg.context); } 
@@ -47,18 +47,18 @@ public class CallbackApiExample { } private static void testCallbackApi() throws Exception { - System.out.println("Testing Java callback API for snat plugin"); - try (final JVppRegistry registry = new JVppRegistryImpl("SnatCallbackApiTest"); - final JVpp jvpp = new JVppSnatImpl()) { + System.out.println("Testing Java callback API for nat plugin"); + try (final JVppRegistry registry = new JVppRegistryImpl("NatCallbackApiTest"); + final JVpp jvpp = new JVppNatImpl()) { registry.register(jvpp, new TestCallback()); - System.out.println("Sending SnatInterfaceAddDelFeature request..."); - SnatInterfaceAddDelFeature request = new SnatInterfaceAddDelFeature(); + System.out.println("Sending Nat44InterfaceAddDelFeature request..."); + Nat44InterfaceAddDelFeature request = new Nat44InterfaceAddDelFeature(); request.isAdd = 1; request.isInside = 1; request.swIfIndex = 1; final int result = jvpp.send(request); - System.out.printf("SnatInterfaceAddDelFeature send result = %d%n", result); + System.out.printf("Nat44InterfaceAddDelFeature send result = %d%n", result); Thread.sleep(1000); diff --git a/src/vpp-api/java/jvpp-nat/io/fd/vpp/jvpp/nat/examples/Readme.txt b/src/vpp-api/java/jvpp-nat/io/fd/vpp/jvpp/nat/examples/Readme.txt new file mode 100644 index 00000000..ac75e04e --- /dev/null +++ b/src/vpp-api/java/jvpp-nat/io/fd/vpp/jvpp/nat/examples/Readme.txt @@ -0,0 +1 @@ +sudo java -cp build-vpp-native/vpp/vpp-api/java/jvpp-registry-17.10.jar:build-vpp-native/vpp/vpp-api/java/jvpp-nat-17.10.jar io.fd.vpp.jvpp.nat.examples.CallbackApiExample diff --git a/src/vpp-api/java/jvpp-snat/jvpp_snat.c b/src/vpp-api/java/jvpp-nat/jvpp_nat.c index 5fd6a88b..85217f04 100644 --- a/src/vpp-api/java/jvpp-snat/jvpp_snat.c +++ b/src/vpp-api/java/jvpp-nat/jvpp_nat.c 
@@ -15,9 +15,9 @@ #include <vnet/vnet.h> -#include <snat/snat_msg_enum.h> +#include <nat/nat_msg_enum.h> #define vl_typedefs /* define message structures */ -#include <snat/snat_all_api_h.h> +#include <nat/nat_all_api_h.h> #undef vl_typedefs #include <vnet/api_errno.h> @@ -32,19 +32,19 @@ #include <jvpp-common/jvpp_common.h> -#include "jvpp-snat/io_fd_vpp_jvpp_snat_JVppSnatImpl.h" -#include "jvpp_snat.h" -#include "jvpp-snat/jvpp_snat_gen.h" +#include "jvpp-nat/io_fd_vpp_jvpp_nat_JVppNatImpl.h" +#include "jvpp_nat.h" +#include "jvpp-nat/jvpp_nat_gen.h" /* - * Class: io_fd_vpp_jvpp_snat_JVppsnatImpl + * Class: io_fd_vpp_jvpp_nat_JVppNatImpl * Method: init0 * Signature: (JI)V */ -JNIEXPORT void JNICALL Java_io_fd_vpp_jvpp_snat_JVppSnatImpl_init0 +JNIEXPORT void JNICALL Java_io_fd_vpp_jvpp_nat_JVppNatImpl_init0 (JNIEnv *env, jclass clazz, jobject callback, jlong queue_address, jint my_client_index) { - snat_main_t * plugin_main = &snat_main; - clib_warning ("Java_io_fd_vpp_jvpp_snat_JVppSnatImpl_init0"); + nat_main_t * plugin_main = &nat_main; + clib_warning ("Java_io_fd_vpp_jvpp_nat_JVppNatImpl_init0"); plugin_main->my_client_index = my_client_index; plugin_main->vl_input_queue = uword_to_pointer (queue_address, unix_shared_memory_queue_t *); @@ -69,9 +69,9 @@ JNIEXPORT void JNICALL Java_io_fd_vpp_jvpp_snat_JVppSnatImpl_init0 #undef _ } -JNIEXPORT void JNICALL Java_io_fd_vpp_jvpp_snat_JVppSnatImpl_close0 +JNIEXPORT void JNICALL Java_io_fd_vpp_jvpp_nat_JVppNatImpl_close0 (JNIEnv *env, jclass clazz) { - snat_main_t * plugin_main = &snat_main; + nat_main_t * plugin_main = &nat_main; // cleanup: (*env)->DeleteGlobalRef(env, plugin_main->callbackClass); diff --git a/src/vpp-api/java/jvpp-snat/jvpp_snat.h b/src/vpp-api/java/jvpp-nat/jvpp_nat.h index 7739a411..c8f6b683 100644 --- a/src/vpp-api/java/jvpp-snat/jvpp_snat.h +++ b/src/vpp-api/java/jvpp-nat/jvpp_nat.h 
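Review bot: The JNI banner above `Java_io_fd_vpp_jvpp_nat_JVppNatImpl_init0` (jvpp_nat.c, hunk at 32) still reads `Signature: (JI)V`, which describes a long and an int, while the function directly below it takes `jobject callback, jlong queue_address, jint my_client_index`. The commit already corrects the `Class:` line of that banner, so the descriptor should be fixed in the same pass by copying it from the generated `jvpp-nat/io_fd_vpp_jvpp_nat_JVppNatImpl.h`, with the object parameter ahead of `JI`. `queue_address` is then converted to a queue pointer with `uword_to_pointer` and no check is visible in the hunk; a short comment stating where that value comes from and that it is trusted as-is would document the boundary. The function body continues outside the hunk.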
@@ -12,8 +12,8 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -#ifndef __included_jvpp_snat_h__ -#define __included_jvpp_snat_h__ +#ifndef __included_jvpp_nat_h__ +#define __included_jvpp_nat_h__ #include <vnet/vnet.h> #include <vnet/ip/ip.h> @@ -22,7 +22,7 @@ #include <vlibmemory/api.h> #include <jni.h> -/* Global state for JVPP-SNAT */ +/* Global state for JVPP-NAT */ typedef struct { /* Pointer to shared memory queue */ unix_shared_memory_queue_t * vl_input_queue; @@ -34,9 +34,9 @@ typedef struct { jobject callbackObject; jclass callbackClass; -} snat_main_t; +} nat_main_t; -snat_main_t snat_main __attribute__((aligned (64))); +nat_main_t nat_main __attribute__((aligned (64))); -#endif /* __included_jvpp_snat_h__ */ +#endif /* __included_jvpp_nat_h__ */ diff --git a/src/vpp-api/java/jvpp-snat/io/fd/vpp/jvpp/snat/examples/Readme.txt b/src/vpp-api/java/jvpp-snat/io/fd/vpp/jvpp/snat/examples/Readme.txt deleted file mode 100644 index 470850ee..00000000 --- a/src/vpp-api/java/jvpp-snat/io/fd/vpp/jvpp/snat/examples/Readme.txt +++ /dev/null @@ -1 +0,0 @@ -sudo java -cp build-vpp-native/vpp/vpp-api/java/jvpp-registry-17.10.jar:build-vpp-native/vpp/vpp-api/java/jvpp-snat-17.10.jar io.fd.vpp.jvpp.snat.examples.CallbackApiExample diff --git a/test/test_snat.py b/test/test_nat.py index eb47bbb8..0d622b08 100644 --- a/test/test_snat.py +++ b/test/test_nat.py @@ -18,7 +18,7 @@ from time import sleep class MethodHolder(VppTestCase): - """ SNAT create capture and verify method holder """ + """ NAT create capture and verify method holder """ @classmethod def setUpClass(cls): 
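Review bot: `nat_main_t nat_main __attribute__((aligned (64)));` in the last jvpp_nat.h hunk (at 34) defines the object in the header instead of declaring it, so every translation unit that includes jvpp_nat.h emits its own definition. That links only while the toolchain merges common symbols; built with `-fno-common`, a second includer turns into a duplicate-symbol error (only jvpp_nat.c is visible as an includer in this diff). Since the line is being rewritten anyway, the header could carry `extern nat_main_t nat_main;` and jvpp_nat.c the single definition `nat_main_t nat_main __attribute__((aligned (64)));`.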
@@ -241,11 +241,11 @@ class MethodHolder(VppTestCase): Create packet stream for outside network :param out_if: Outside interface - :param dst_ip: Destination IP address (Default use global SNAT address) + :param dst_ip: Destination IP address (Default use global NAT address) :param ttl: TTL of generated packets """ if dst_ip is None: - dst_ip = self.snat_addr + dst_ip = self.nat_addr pkts = [] # TCP p = (Ether(dst=out_if.local_mac, src=out_if.remote_mac) / @@ -273,13 +273,13 @@ class MethodHolder(VppTestCase): Verify captured packets on outside network :param capture: Captured packets - :param nat_ip: Translated IP address (Default use global SNAT address) + :param nat_ip: Translated IP address (Default use global NAT address) :param same_port: Sorce port number is not translated (Default False) :param packet_num: Expected number of packets (Default 3) :param dst_ip: Destination IP address (Default do not verify) """ if nat_ip is None: - nat_ip = self.snat_addr + nat_ip = self.nat_addr self.assertEqual(packet_num, len(capture)) for packet in capture: try: @@ -399,13 +399,13 @@ class MethodHolder(VppTestCase): :param capture: Captured packets :param src_ip: Translated IP address or IP address of VPP - (Default use global SNAT address) + (Default use global NAT address) :param packet_num: Expected number of packets (Default 3) :param icmp_type: Type of error ICMP packet we are expecting (Default 11) """ if src_ip is None: - src_ip = self.snat_addr + src_ip = self.nat_addr self.assertEqual(packet_num, len(capture)) for packet in capture: try: @@ -480,7 +480,7 @@ class MethodHolder(VppTestCase): # sourceIPv4Address self.assertEqual(self.pg0.remote_ip4n, record[8]) # postNATSourceIPv4Address - self.assertEqual(socket.inet_pton(socket.AF_INET, self.snat_addr), + self.assertEqual(socket.inet_pton(socket.AF_INET, self.nat_addr), record[225]) # ingressVRFID self.assertEqual(struct.pack("!I", 0), record[234]) 
@@ -518,12 +518,12 @@ class MethodHolder(VppTestCase): self.assertEqual(struct.pack("!I", 0), record[283]) -class TestSNAT(MethodHolder): - """ SNAT Test Cases """ +class TestNAT44(MethodHolder): + """ NAT44 Test Cases """ @classmethod def setUpClass(cls): - super(TestSNAT, cls).setUpClass() + super(TestNAT44, cls).setUpClass() try: cls.tcp_port_in = 6303 @@ -532,7 +532,7 @@ class TestSNAT(MethodHolder): cls.udp_port_out = 6304 cls.icmp_id_in = 6305 cls.icmp_id_out = 6305 - cls.snat_addr = '10.0.0.3' + cls.nat_addr = '10.0.0.3' cls.ipfix_src_port = 4739 cls.ipfix_domain_id = 1 @@ -570,12 +570,12 @@ class TestSNAT(MethodHolder): cls.pg8.admin_up() except Exception: - super(TestSNAT, cls).tearDownClass() + super(TestNAT44, cls).tearDownClass() raise - def clear_snat(self): + def clear_nat44(self): """ - Clear SNAT configuration. + Clear NAT44 configuration. """ # I found no elegant way to do this self.vapi.ip_add_del_route(dst_address=self.pg7.remote_ip4n, 
@@ -600,50 +600,51 @@ class TestSNAT(MethodHolder): if self.pg7.has_ip4_config: self.pg7.unconfig_ip4() - interfaces = self.vapi.snat_interface_addr_dump() + interfaces = self.vapi.nat44_interface_addr_dump() for intf in interfaces: - self.vapi.snat_add_interface_addr(intf.sw_if_index, is_add=0) + self.vapi.nat44_add_interface_addr(intf.sw_if_index, is_add=0) - self.vapi.snat_ipfix(enable=0, src_port=self.ipfix_src_port, - domain_id=self.ipfix_domain_id) + self.vapi.nat_ipfix(enable=0, src_port=self.ipfix_src_port, + domain_id=self.ipfix_domain_id) self.ipfix_src_port = 4739 self.ipfix_domain_id = 1 - interfaces = self.vapi.snat_interface_dump() + interfaces = self.vapi.nat44_interface_dump() for intf in interfaces: - self.vapi.snat_interface_add_del_feature(intf.sw_if_index, - intf.is_inside, - is_add=0) + self.vapi.nat44_interface_add_del_feature(intf.sw_if_index, + intf.is_inside, + is_add=0) - interfaces = self.vapi.snat_interface_output_feature_dump() + interfaces = self.vapi.nat44_interface_output_feature_dump() for intf in interfaces: - self.vapi.snat_interface_add_del_output_feature(intf.sw_if_index, - intf.is_inside, - is_add=0) + self.vapi.nat44_interface_add_del_output_feature(intf.sw_if_index, + intf.is_inside, + is_add=0) - static_mappings = self.vapi.snat_static_mapping_dump() + static_mappings = self.vapi.nat44_static_mapping_dump() for sm in static_mappings: - self.vapi.snat_add_static_mapping(sm.local_ip_address, - sm.external_ip_address, - local_port=sm.local_port, - external_port=sm.external_port, - addr_only=sm.addr_only, - vrf_id=sm.vrf_id, - protocol=sm.protocol, - is_add=0) - - adresses = self.vapi.snat_address_dump() + self.vapi.nat44_add_del_static_mapping( + sm.local_ip_address, + sm.external_ip_address, + local_port=sm.local_port, + external_port=sm.external_port, + addr_only=sm.addr_only, + vrf_id=sm.vrf_id, + protocol=sm.protocol, + is_add=0) + + adresses = self.vapi.nat44_address_dump() for addr in adresses: - 
self.vapi.snat_add_address_range(addr.ip_address, - addr.ip_address, - is_add=0) - - def snat_add_static_mapping(self, local_ip, external_ip='0.0.0.0', - local_port=0, external_port=0, vrf_id=0, - is_add=1, external_sw_if_index=0xFFFFFFFF, - proto=0): + self.vapi.nat44_add_del_address_range(addr.ip_address, + addr.ip_address, + is_add=0) + + def nat44_add_static_mapping(self, local_ip, external_ip='0.0.0.0', + local_port=0, external_port=0, vrf_id=0, + is_add=1, external_sw_if_index=0xFFFFFFFF, + proto=0): """ - Add/delete S-NAT static mapping + Add/delete NAT44 static mapping :param local_ip: Local IP address :param external_ip: External IP address @@ -659,7 +660,7 @@ class TestSNAT(MethodHolder): addr_only = 0 l_ip = socket.inet_pton(socket.AF_INET, local_ip) e_ip = socket.inet_pton(socket.AF_INET, external_ip) - self.vapi.snat_add_static_mapping( + self.vapi.nat44_add_del_static_mapping( l_ip, e_ip, external_sw_if_index, 
@@ -670,24 +671,24 @@ class TestSNAT(MethodHolder): proto, is_add) - def snat_add_address(self, ip, is_add=1, vrf_id=0xFFFFFFFF): + def nat44_add_address(self, ip, is_add=1, vrf_id=0xFFFFFFFF): """ - Add/delete S-NAT address + Add/delete NAT44 address :param ip: IP address :param is_add: 1 if add, 0 if delete (Default add) """ - snat_addr = socket.inet_pton(socket.AF_INET, ip) - self.vapi.snat_add_address_range(snat_addr, snat_addr, is_add, - vrf_id=vrf_id) + nat_addr = socket.inet_pton(socket.AF_INET, ip) + self.vapi.nat44_add_del_address_range(nat_addr, nat_addr, is_add, + vrf_id=vrf_id) def test_dynamic(self): - """ SNAT dynamic translation test """ + """ NAT44 dynamic translation test """ - self.snat_add_address(self.snat_addr) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) # in2out pkts = self.create_stream_in(self.pg0, self.pg1) @@ -706,12 +707,12 @@ class TestSNAT(MethodHolder): self.verify_capture_in(capture, self.pg0) def test_dynamic_icmp_errors_in2out_ttl_1(self): - """ SNAT handling of client packets with TTL=1 """ + """ NAT44 handling of client packets with TTL=1 """ - self.snat_add_address(self.snat_addr) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) # Client side - generate traffic pkts = self.create_stream_in(self.pg0, self.pg1, ttl=1) 
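Review bot: The docstring of `nat44_add_address` (hunk at 671) lists `ip` and `is_add` but not the `vrf_id=0xFFFFFFFF` parameter that the method forwards to `nat44_add_del_address_range`. I would add `:param vrf_id: VRF ID passed to nat44_add_del_address_range (Default 0xFFFFFFFF)` and, if that default is a sentinel rather than a real table id, say so on the same line. The helper name also drifts from the API it wraps: the vapi call is now `nat44_add_del_address_range`, yet the helper that takes `is_add` is still named `nat44_add_address`, and the same holds for `nat44_add_static_mapping` around `nat44_add_del_static_mapping` in the preceding hunks.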
@@ -724,12 +725,12 @@ class TestSNAT(MethodHolder): self.verify_capture_in_with_icmp_errors(capture, self.pg0) def test_dynamic_icmp_errors_out2in_ttl_1(self): - """ SNAT handling of server packets with TTL=1 """ + """ NAT44 handling of server packets with TTL=1 """ - self.snat_add_address(self.snat_addr) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) # Client side - create sessions pkts = self.create_stream_in(self.pg0, self.pg1) @@ -751,12 +752,12 @@ class TestSNAT(MethodHolder): src_ip=self.pg1.local_ip4) def test_dynamic_icmp_errors_in2out_ttl_2(self): - """ SNAT handling of error responses to client packets with TTL=2 """ + """ NAT44 handling of error responses to client packets with TTL=2 """ - self.snat_add_address(self.snat_addr) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) # Client side - generate traffic pkts = self.create_stream_in(self.pg0, self.pg1, ttl=2) @@ -767,7 +768,7 @@ class TestSNAT(MethodHolder): # Server side - simulate ICMP type 11 response capture = self.pg1.get_capture(len(pkts)) pkts = [Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) / - IP(src=self.pg1.remote_ip4, dst=self.snat_addr) / + IP(src=self.pg1.remote_ip4, dst=self.nat_addr) / ICMP(type=11) / packet[IP] for packet in capture] self.pg1.add_stream(pkts) self.pg_enable_capture(self.pg_interfaces) 
@@ -778,12 +779,12 @@ class TestSNAT(MethodHolder): self.verify_capture_in_with_icmp_errors(capture, self.pg0) def test_dynamic_icmp_errors_out2in_ttl_2(self): - """ SNAT handling of error responses to server packets with TTL=2 """ + """ NAT44 handling of error responses to server packets with TTL=2 """ - self.snat_add_address(self.snat_addr) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) # Client side - create sessions pkts = self.create_stream_in(self.pg0, self.pg1) @@ -813,12 +814,12 @@ class TestSNAT(MethodHolder): self.verify_capture_out_with_icmp_errors(capture) def test_ping_out_interface_from_outside(self): - """ Ping SNAT out interface from outside network """ + """ Ping NAT44 out interface from outside network """ - self.snat_add_address(self.snat_addr) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) p = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) / IP(src=self.pg1.remote_ip4, dst=self.pg1.local_ip4) / 
@@ -843,14 +844,14 @@ class TestSNAT(MethodHolder): def test_ping_internal_host_from_outside(self): """ Ping internal host from outside network """ - self.snat_add_static_mapping(self.pg0.remote_ip4, self.snat_addr) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.nat44_add_static_mapping(self.pg0.remote_ip4, self.nat_addr) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) # out2in pkt = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) / - IP(src=self.pg1.remote_ip4, dst=self.snat_addr, ttl=64) / + IP(src=self.pg1.remote_ip4, dst=self.nat_addr, ttl=64) / ICMP(id=self.icmp_id_out, type='echo-request')) self.pg1.add_stream(pkt) self.pg_enable_capture(self.pg_interfaces) @@ -871,17 +872,17 @@ class TestSNAT(MethodHolder): self.assert_equal(capture[0][IP].proto, IP_PROTOS.icmp) def test_static_in(self): - """ SNAT 1:1 NAT initialized from inside network """ + """ 1:1 NAT initialized from inside network """ nat_ip = "10.0.0.10" self.tcp_port_out = 6303 self.udp_port_out = 6304 self.icmp_id_out = 6305 - self.snat_add_static_mapping(self.pg0.remote_ip4, nat_ip) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.nat44_add_static_mapping(self.pg0.remote_ip4, nat_ip) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) # in2out pkts = self.create_stream_in(self.pg0, self.pg1) 
@@ -900,17 +901,17 @@ class TestSNAT(MethodHolder): self.verify_capture_in(capture, self.pg0) def test_static_out(self): - """ SNAT 1:1 NAT initialized from outside network """ + """ 1:1 NAT initialized from outside network """ nat_ip = "10.0.0.20" self.tcp_port_out = 6303 self.udp_port_out = 6304 self.icmp_id_out = 6305 - self.snat_add_static_mapping(self.pg0.remote_ip4, nat_ip) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.nat44_add_static_mapping(self.pg0.remote_ip4, nat_ip) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) # out2in pkts = self.create_stream_out(self.pg1, nat_ip) 
@@ -929,25 +930,25 @@ class TestSNAT(MethodHolder): self.verify_capture_out(capture, nat_ip, True) def test_static_with_port_in(self): - """ SNAT 1:1 NAT with port initialized from inside network """ + """ 1:1 NAPT initialized from inside network """ self.tcp_port_out = 3606 self.udp_port_out = 3607 self.icmp_id_out = 3608 - self.snat_add_address(self.snat_addr) - self.snat_add_static_mapping(self.pg0.remote_ip4, self.snat_addr, - self.tcp_port_in, self.tcp_port_out, - proto=IP_PROTOS.tcp) - self.snat_add_static_mapping(self.pg0.remote_ip4, self.snat_addr, - self.udp_port_in, self.udp_port_out, - proto=IP_PROTOS.udp) - self.snat_add_static_mapping(self.pg0.remote_ip4, self.snat_addr, - self.icmp_id_in, self.icmp_id_out, - proto=IP_PROTOS.icmp) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.nat44_add_address(self.nat_addr) + self.nat44_add_static_mapping(self.pg0.remote_ip4, self.nat_addr, + self.tcp_port_in, self.tcp_port_out, + proto=IP_PROTOS.tcp) + self.nat44_add_static_mapping(self.pg0.remote_ip4, self.nat_addr, + self.udp_port_in, self.udp_port_out, + proto=IP_PROTOS.udp) + self.nat44_add_static_mapping(self.pg0.remote_ip4, self.nat_addr, + self.icmp_id_in, self.icmp_id_out, + proto=IP_PROTOS.icmp) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) # in2out pkts = self.create_stream_in(self.pg0, self.pg1) 
@@ -966,25 +967,25 @@ class TestSNAT(MethodHolder): self.verify_capture_in(capture, self.pg0) def test_static_with_port_out(self): - """ SNAT 1:1 NAT with port initialized from outside network """ + """ 1:1 NAPT initialized from outside network """ self.tcp_port_out = 30606 self.udp_port_out = 30607 self.icmp_id_out = 30608 - self.snat_add_address(self.snat_addr) - self.snat_add_static_mapping(self.pg0.remote_ip4, self.snat_addr, - self.tcp_port_in, self.tcp_port_out, - proto=IP_PROTOS.tcp) - self.snat_add_static_mapping(self.pg0.remote_ip4, self.snat_addr, - self.udp_port_in, self.udp_port_out, - proto=IP_PROTOS.udp) - self.snat_add_static_mapping(self.pg0.remote_ip4, self.snat_addr, - self.icmp_id_in, self.icmp_id_out, - proto=IP_PROTOS.icmp) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.nat44_add_address(self.nat_addr) + self.nat44_add_static_mapping(self.pg0.remote_ip4, self.nat_addr, + self.tcp_port_in, self.tcp_port_out, + proto=IP_PROTOS.tcp) + self.nat44_add_static_mapping(self.pg0.remote_ip4, self.nat_addr, + self.udp_port_in, self.udp_port_out, + proto=IP_PROTOS.udp) + self.nat44_add_static_mapping(self.pg0.remote_ip4, self.nat_addr, + self.icmp_id_in, self.icmp_id_out, + proto=IP_PROTOS.icmp) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) # out2in pkts = self.create_stream_out(self.pg1) @@ -1003,7 +1004,7 @@ class TestSNAT(MethodHolder): self.verify_capture_out(capture) def test_static_vrf_aware(self): - """ SNAT 1:1 NAT VRF awareness """ + """ 1:1 NAT VRF awareness """ nat_ip1 = "10.0.0.30" nat_ip2 = "10.0.0.40" 
@@ -1011,16 +1012,16 @@ class TestSNAT(MethodHolder): self.udp_port_out = 6304 self.icmp_id_out = 6305 - self.snat_add_static_mapping(self.pg4.remote_ip4, nat_ip1, - vrf_id=10) - self.snat_add_static_mapping(self.pg0.remote_ip4, nat_ip2, - vrf_id=10) - self.vapi.snat_interface_add_del_feature(self.pg3.sw_if_index, - is_inside=0) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg4.sw_if_index) + self.nat44_add_static_mapping(self.pg4.remote_ip4, nat_ip1, + vrf_id=10) + self.nat44_add_static_mapping(self.pg0.remote_ip4, nat_ip2, + vrf_id=10) + self.vapi.nat44_interface_add_del_feature(self.pg3.sw_if_index, + is_inside=0) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg4.sw_if_index) - # inside interface VRF match SNAT static mapping VRF + # inside interface VRF match NAT44 static mapping VRF pkts = self.create_stream_in(self.pg4, self.pg3) self.pg4.add_stream(pkts) self.pg_enable_capture(self.pg_interfaces) @@ -1028,7 +1029,7 @@ class TestSNAT(MethodHolder): capture = self.pg3.get_capture(len(pkts)) self.verify_capture_out(capture, nat_ip1, True) - # inside interface VRF don't match SNAT static mapping VRF (packets + # inside interface VRF don't match NAT44 static mapping VRF (packets # are dropped) pkts = self.create_stream_in(self.pg0, self.pg3) self.pg0.add_stream(pkts) 
@@ -1037,15 +1038,15 @@ class TestSNAT(MethodHolder): self.pg3.assert_nothing_captured() def test_multiple_inside_interfaces(self): - """ SNAT multiple inside interfaces (non-overlapping address space) """ + """ NAT44 multiple non-overlapping address space inside interfaces """ - self.snat_add_address(self.snat_addr) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg3.sw_if_index, - is_inside=0) + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg3.sw_if_index, + is_inside=0) - # between two S-NAT inside interfaces (no translation) + # between two NAT44 inside interfaces (no translation) pkts = self.create_stream_in(self.pg0, self.pg1) self.pg0.add_stream(pkts) self.pg_enable_capture(self.pg_interfaces) @@ -1053,7 +1054,7 @@ class TestSNAT(MethodHolder): capture = self.pg1.get_capture(len(pkts)) self.verify_capture_no_translation(capture, self.pg0, self.pg1) - # from S-NAT inside to interface without S-NAT feature (no translation) + # from NAT44 inside to interface without NAT44 feature (no translation) pkts = self.create_stream_in(self.pg0, self.pg2) self.pg0.add_stream(pkts) self.pg_enable_capture(self.pg_interfaces) 
@@ -1094,19 +1095,19 @@ class TestSNAT(MethodHolder): self.verify_capture_in(capture, self.pg1) def test_inside_overlapping_interfaces(self): - """ SNAT multiple inside interfaces with overlapping address space """ + """ NAT44 multiple inside interfaces with overlapping address space """ static_nat_ip = "10.0.0.10" - self.snat_add_address(self.snat_addr) - self.vapi.snat_interface_add_del_feature(self.pg3.sw_if_index, - is_inside=0) - self.vapi.snat_interface_add_del_feature(self.pg4.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg5.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg6.sw_if_index) - self.snat_add_static_mapping(self.pg6.remote_ip4, static_nat_ip, - vrf_id=20) - - # between S-NAT inside interfaces with same VRF (no translation) + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_interface_add_del_feature(self.pg3.sw_if_index, + is_inside=0) + self.vapi.nat44_interface_add_del_feature(self.pg4.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg5.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg6.sw_if_index) + self.nat44_add_static_mapping(self.pg6.remote_ip4, static_nat_ip, + vrf_id=20) + + # between NAT44 inside interfaces with same VRF (no translation) pkts = self.create_stream_in(self.pg4, self.pg5) self.pg4.add_stream(pkts) self.pg_enable_capture(self.pg_interfaces) @@ -1114,7 +1115,7 @@ class TestSNAT(MethodHolder): capture = self.pg5.get_capture(len(pkts)) self.verify_capture_no_translation(capture, self.pg4, self.pg5) - # between S-NAT inside interfaces with different VRF (hairpinning) + # between NAT44 inside interfaces with different VRF (hairpinning) p = (Ether(src=self.pg4.remote_mac, dst=self.pg4.local_mac) / IP(src=self.pg4.remote_ip4, dst=static_nat_ip) / TCP(sport=1234, dport=5678)) 
@@ -1126,7 +1127,7 @@ class TestSNAT(MethodHolder): try: ip = p[IP] tcp = p[TCP] - self.assertEqual(ip.src, self.snat_addr) + self.assertEqual(ip.src, self.nat_addr) self.assertEqual(ip.dst, self.pg6.remote_ip4) self.assertNotEqual(tcp.sport, 1234) self.assertEqual(tcp.dport, 5678) @@ -1167,9 +1168,9 @@ class TestSNAT(MethodHolder): self.verify_capture_in(capture, self.pg5) # pg5 session dump - addresses = self.vapi.snat_address_dump() + addresses = self.vapi.nat44_address_dump() self.assertEqual(len(addresses), 1) - sessions = self.vapi.snat_user_session_dump(self.pg5.remote_ip4n, 10) + sessions = self.vapi.nat44_user_session_dump(self.pg5.remote_ip4n, 10) self.assertEqual(len(sessions), 3) for session in sessions: self.assertFalse(session.is_static) @@ -1204,13 +1205,13 @@ class TestSNAT(MethodHolder): self.verify_capture_in(capture, self.pg6) # general user and session dump verifications - users = self.vapi.snat_user_dump() + users = self.vapi.nat44_user_dump() self.assertTrue(len(users) >= 3) - addresses = self.vapi.snat_address_dump() + addresses = self.vapi.nat44_address_dump() self.assertEqual(len(addresses), 1) for user in users: - sessions = self.vapi.snat_user_session_dump(user.ip_address, - user.vrf_id) + sessions = self.vapi.nat44_user_session_dump(user.ip_address, + user.vrf_id) for session in sessions: self.assertEqual(user.ip_address, session.inside_ip_address) self.assertTrue(session.total_bytes > session.total_pkts > 0) @@ -1219,7 +1220,7 @@ class TestSNAT(MethodHolder): IP_PROTOS.icmp]) # pg4 session dump - sessions = self.vapi.snat_user_session_dump(self.pg4.remote_ip4n, 10) + sessions = self.vapi.nat44_user_session_dump(self.pg4.remote_ip4n, 10) self.assertTrue(len(sessions) >= 4) for session in sessions: self.assertFalse(session.is_static) 
@@ -1229,7 +1230,7 @@ class TestSNAT(MethodHolder): addresses[0].ip_address) # pg6 session dump - sessions = self.vapi.snat_user_session_dump(self.pg6.remote_ip4n, 20) + sessions = self.vapi.nat44_user_session_dump(self.pg6.remote_ip4n, 20) self.assertTrue(len(sessions) >= 3) for session in sessions: self.assertTrue(session.is_static) @@ -1242,7 +1243,7 @@ class TestSNAT(MethodHolder): self.icmp_id_in]) def test_hairpinning(self): - """ SNAT hairpinning - 1:1 NAT with port""" + """ NAT44 hairpinning - 1:1 NAPT """ host = self.pg0.remote_hosts[0] server = self.pg0.remote_hosts[1] @@ -1251,18 +1252,18 @@ class TestSNAT(MethodHolder): server_in_port = 5678 server_out_port = 8765 - self.snat_add_address(self.snat_addr) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) # add static mapping for server - self.snat_add_static_mapping(server.ip4, self.snat_addr, - server_in_port, server_out_port, - proto=IP_PROTOS.tcp) + self.nat44_add_static_mapping(server.ip4, self.nat_addr, + server_in_port, server_out_port, + proto=IP_PROTOS.tcp) # send packet from host to server p = (Ether(src=host.mac, dst=self.pg0.local_mac) / - IP(src=host.ip4, dst=self.snat_addr) / + IP(src=host.ip4, dst=self.nat_addr) / TCP(sport=host_in_port, dport=server_out_port)) self.pg0.add_stream(p) self.pg_enable_capture(self.pg_interfaces) @@ -1272,7 +1273,7 @@ class TestSNAT(MethodHolder): try: ip = p[IP] tcp = p[TCP] - self.assertEqual(ip.src, self.snat_addr) + self.assertEqual(ip.src, self.nat_addr) self.assertEqual(ip.dst, server.ip4) self.assertNotEqual(tcp.sport, host_in_port) self.assertEqual(tcp.dport, server_in_port) 
@@ -1284,7 +1285,7 @@ class TestSNAT(MethodHolder): # send reply from server to host p = (Ether(src=server.mac, dst=self.pg0.local_mac) / - IP(src=server.ip4, dst=self.snat_addr) / + IP(src=server.ip4, dst=self.nat_addr) / TCP(sport=server_in_port, dport=host_out_port)) self.pg0.add_stream(p) self.pg_enable_capture(self.pg_interfaces) @@ -1294,7 +1295,7 @@ class TestSNAT(MethodHolder): try: ip = p[IP] tcp = p[TCP] - self.assertEqual(ip.src, self.snat_addr) + self.assertEqual(ip.src, self.nat_addr) self.assertEqual(ip.dst, host.ip4) self.assertEqual(tcp.sport, server_out_port) self.assertEqual(tcp.dport, host_in_port) @@ -1304,7 +1305,7 @@ class TestSNAT(MethodHolder): raise def test_hairpinning2(self): - """ SNAT hairpinning - 1:1 NAT""" + """ NAT44 hairpinning - 1:1 NAT""" server1_nat_ip = "10.0.0.10" server2_nat_ip = "10.0.0.11" @@ -1314,14 +1315,14 @@ class TestSNAT(MethodHolder): server_tcp_port = 22 server_udp_port = 20 - self.snat_add_address(self.snat_addr) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) # add static mapping for servers - self.snat_add_static_mapping(server1.ip4, server1_nat_ip) - self.snat_add_static_mapping(server2.ip4, server2_nat_ip) + self.nat44_add_static_mapping(server1.ip4, server1_nat_ip) + self.nat44_add_static_mapping(server2.ip4, server2_nat_ip) # host to server1 pkts = [] @@ -1343,7 +1344,7 @@ class TestSNAT(MethodHolder): capture = self.pg0.get_capture(len(pkts)) for packet in capture: try: - self.assertEqual(packet[IP].src, self.snat_addr) + self.assertEqual(packet[IP].src, self.nat_addr) self.assertEqual(packet[IP].dst, server1.ip4) if packet.haslayer(TCP): self.assertNotEqual(packet[TCP].sport, self.tcp_port_in) 
@@ -1364,15 +1365,15 @@ class TestSNAT(MethodHolder): # server1 to host pkts = [] p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / - IP(src=server1.ip4, dst=self.snat_addr) / + IP(src=server1.ip4, dst=self.nat_addr) / TCP(sport=server_tcp_port, dport=self.tcp_port_out)) pkts.append(p) p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / - IP(src=server1.ip4, dst=self.snat_addr) / + IP(src=server1.ip4, dst=self.nat_addr) / UDP(sport=server_udp_port, dport=self.udp_port_out)) pkts.append(p) p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / - IP(src=server1.ip4, dst=self.snat_addr) / + IP(src=server1.ip4, dst=self.nat_addr) / ICMP(id=self.icmp_id_out, type='echo-reply')) pkts.append(p) self.pg0.add_stream(pkts) @@ -1472,16 +1473,16 @@ class TestSNAT(MethodHolder): def test_max_translations_per_user(self): """ MAX translations per user - recycle the least recently used """ - self.snat_add_address(self.snat_addr) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) # get maximum number of translations per user - snat_config = self.vapi.snat_show_config() + nat44_config = self.vapi.nat_show_config() # send more than maximum number of translations per user packets - pkts_num = snat_config.max_translations_per_user + 5 + pkts_num = nat44_config.max_translations_per_user + 5 pkts = [] for port in range(0, pkts_num): p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / 
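Review bot: In test_max_translations_per_user the result of `self.vapi.nat_show_config()` is bound to `nat44_config`, while the same call in test_deterministic_mode later in this commit is bound to `nat_config`. The API is the plugin-wide one, not a NAT44-specific one, so the local name should follow it: `nat_config = self.vapi.nat_show_config()` and `pkts_num = nat_config.max_translations_per_user + 5`. The test method continues past the end of this hunk.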
@@ -1496,39 +1497,40 @@ class TestSNAT(MethodHolder): self.pg1.get_capture(pkts_num) def test_interface_addr(self): - """ Acquire SNAT addresses from interface """ - self.vapi.snat_add_interface_addr(self.pg7.sw_if_index) + """ Acquire NAT44 addresses from interface """ + self.vapi.nat44_add_interface_addr(self.pg7.sw_if_index) # no address in NAT pool - adresses = self.vapi.snat_address_dump() + adresses = self.vapi.nat44_address_dump() self.assertEqual(0, len(adresses)) # configure interface address and check NAT address pool self.pg7.config_ip4() - adresses = self.vapi.snat_address_dump() + adresses = self.vapi.nat44_address_dump() self.assertEqual(1, len(adresses)) self.assertEqual(adresses[0].ip_address[0:4], self.pg7.local_ip4n) # remove interface address and check NAT address pool self.pg7.unconfig_ip4() - adresses = self.vapi.snat_address_dump() + adresses = self.vapi.nat44_address_dump() self.assertEqual(0, len(adresses)) def test_interface_addr_static_mapping(self): """ Static mapping with addresses from interface """ - self.vapi.snat_add_interface_addr(self.pg7.sw_if_index) - self.snat_add_static_mapping('1.2.3.4', - external_sw_if_index=self.pg7.sw_if_index) + self.vapi.nat44_add_interface_addr(self.pg7.sw_if_index) + self.nat44_add_static_mapping( + '1.2.3.4', + external_sw_if_index=self.pg7.sw_if_index) # static mappings with external interface - static_mappings = self.vapi.snat_static_mapping_dump() + static_mappings = self.vapi.nat44_static_mapping_dump() self.assertEqual(1, len(static_mappings)) self.assertEqual(self.pg7.sw_if_index, static_mappings[0].external_sw_if_index) # configure interface address and check static mappings self.pg7.config_ip4() - static_mappings = self.vapi.snat_static_mapping_dump() + static_mappings = self.vapi.nat44_static_mapping_dump() self.assertEqual(1, len(static_mappings)) self.assertEqual(static_mappings[0].external_ip_address[0:4], self.pg7.local_ip4n) 
@@ -1536,26 +1538,26 @@ class TestSNAT(MethodHolder): # remove interface address and check static mappings self.pg7.unconfig_ip4() - static_mappings = self.vapi.snat_static_mapping_dump() + static_mappings = self.vapi.nat44_static_mapping_dump() self.assertEqual(0, len(static_mappings)) def test_ipfix_nat44_sess(self): - """ S-NAT IPFIX logging NAT44 session created/delted """ + """ IPFIX logging NAT44 session created/delted """ self.ipfix_domain_id = 10 self.ipfix_src_port = 20202 colector_port = 30303 bind_layers(UDP, IPFIX, dport=30303) - self.snat_add_address(self.snat_addr) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) self.vapi.set_ipfix_exporter(collector_address=self.pg3.remote_ip4n, src_address=self.pg3.local_ip4n, path_mtu=512, template_interval=10, collector_port=colector_port) - self.vapi.snat_ipfix(domain_id=self.ipfix_domain_id, - src_port=self.ipfix_src_port) + self.vapi.nat_ipfix(domain_id=self.ipfix_domain_id, + src_port=self.ipfix_src_port) pkts = self.create_stream_in(self.pg0, self.pg1) self.pg0.add_stream(pkts) @@ -1563,7 +1565,7 @@ class TestSNAT(MethodHolder): self.pg_start() capture = self.pg1.get_capture(len(pkts)) self.verify_capture_out(capture) - self.snat_add_address(self.snat_addr, is_add=0) + self.nat44_add_address(self.nat_addr, is_add=0) self.vapi.cli("ipfix flush") # FIXME this should be an API call capture = self.pg3.get_capture(3) ipfix = IPFIXDecoder() 
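Review bot: The rewritten docstring of test_ipfix_nat44_sess still carries the typo "delted"; since the line is being changed anyway it should read `""" IPFIX logging NAT44 session created/deleted """`. In the same hunk the collector port is assigned to a local (spelled `colector_port`) and then repeated as a literal in `bind_layers(UDP, IPFIX, dport=30303)`. Passing `dport=colector_port` keeps the decoder binding and the exporter configuration from drifting apart. The test method continues in the following hunk.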
@@ -1585,16 +1587,16 @@ class TestSNAT(MethodHolder): self.verify_ipfix_nat44_ses(data) def test_ipfix_addr_exhausted(self): - """ S-NAT IPFIX logging NAT addresses exhausted """ - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + """ IPFIX logging NAT addresses exhausted """ + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) self.vapi.set_ipfix_exporter(collector_address=self.pg3.remote_ip4n, src_address=self.pg3.local_ip4n, path_mtu=512, template_interval=10) - self.vapi.snat_ipfix(domain_id=self.ipfix_domain_id, - src_port=self.ipfix_src_port) + self.vapi.nat_ipfix(domain_id=self.ipfix_domain_id, + src_port=self.ipfix_src_port) p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) / @@ -1624,17 +1626,17 @@ class TestSNAT(MethodHolder): self.verify_ipfix_addr_exhausted(data) def test_pool_addr_fib(self): - """ S-NAT add pool addresses to FIB """ + """ NAT44 add pool addresses to FIB """ static_addr = '10.0.0.10' - self.snat_add_address(self.snat_addr) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) - self.snat_add_static_mapping(self.pg0.remote_ip4, static_addr) + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) + self.nat44_add_static_mapping(self.pg0.remote_ip4, static_addr) - # SNAT address + # NAT44 address p = (Ether(src=self.pg1.remote_mac, dst='ff:ff:ff:ff:ff:ff') / - ARP(op=ARP.who_has, pdst=self.snat_addr, + ARP(op=ARP.who_has, pdst=self.nat_addr, psrc=self.pg1.remote_ip4, hwsrc=self.pg1.remote_mac)) self.pg1.add_stream(p) self.pg_enable_capture(self.pg_interfaces) 
@@ -1654,9 +1656,9 @@ class TestSNAT(MethodHolder): self.assertTrue(capture[0].haslayer(ARP)) self.assertTrue(capture[0][ARP].op, ARP.is_at) - # send ARP to non-SNAT interface + # send ARP to non-NAT44 interface p = (Ether(src=self.pg2.remote_mac, dst='ff:ff:ff:ff:ff:ff') / - ARP(op=ARP.who_has, pdst=self.snat_addr, + ARP(op=ARP.who_has, pdst=self.nat_addr, psrc=self.pg2.remote_ip4, hwsrc=self.pg2.remote_mac)) self.pg2.add_stream(p) self.pg_enable_capture(self.pg_interfaces) @@ -1664,12 +1666,12 @@ class TestSNAT(MethodHolder): capture = self.pg1.get_capture(0) # remove addresses and verify - self.snat_add_address(self.snat_addr, is_add=0) - self.snat_add_static_mapping(self.pg0.remote_ip4, static_addr, - is_add=0) + self.nat44_add_address(self.nat_addr, is_add=0) + self.nat44_add_static_mapping(self.pg0.remote_ip4, static_addr, + is_add=0) p = (Ether(src=self.pg1.remote_mac, dst='ff:ff:ff:ff:ff:ff') / - ARP(op=ARP.who_has, pdst=self.snat_addr, + ARP(op=ARP.who_has, pdst=self.nat_addr, psrc=self.pg1.remote_ip4, hwsrc=self.pg1.remote_mac)) self.pg1.add_stream(p) self.pg_enable_capture(self.pg_interfaces) @@ -1685,7 +1687,7 @@ class TestSNAT(MethodHolder): capture = self.pg1.get_capture(0) def test_vrf_mode(self): - """ S-NAT tenant VRF aware address pool mode """ + """ NAT44 tenant VRF aware address pool mode """ vrf_id1 = 1 vrf_id2 = 2 
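Review bot: `self.assertTrue(capture[0][ARP].op, ARP.is_at)` in the context lines at the top of this hunk passes for any non-zero opcode, because the second argument of assertTrue is the failure message and not an expected value. The check that the NAT pool address is answered with an ARP reply should read `self.assertEqual(capture[0][ARP].op, ARP.is_at)`. The line predates the rename, but it sits in the test this hunk touches; the enclosing test method starts above the hunk.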
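Review bot: The negative check that opens the second hunk on this line reads `capture = self.pg1.get_capture(0)`, although the ARP request built in the previous hunk is queued with `self.pg2.add_stream(p)`. A reply, if one were generated, would presumably leave on pg2, so an empty capture on pg1 does not show that the pool address goes unanswered on the non-NAT44 interface. `capture = self.pg2.get_capture(0)` looks like the intended check, to be confirmed against the test's intent. The test method starts outside this hunk.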
@@ -1699,12 +1701,12 @@ class TestSNAT(MethodHolder): self.pg0.config_ip4() self.pg1.config_ip4() - self.snat_add_address(nat_ip1, vrf_id=vrf_id1) - self.snat_add_address(nat_ip2, vrf_id=vrf_id2) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg2.sw_if_index, - is_inside=0) + self.nat44_add_address(nat_ip1, vrf_id=vrf_id1) + self.nat44_add_address(nat_ip2, vrf_id=vrf_id2) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg2.sw_if_index, + is_inside=0) # first VRF pkts = self.create_stream_in(self.pg0, self.pg2) @@ -1723,17 +1725,17 @@ class TestSNAT(MethodHolder): self.verify_capture_out(capture, nat_ip2) def test_vrf_feature_independent(self): - """ S-NAT tenant VRF independent address pool mode """ + """ NAT44 tenant VRF independent address pool mode """ nat_ip1 = "10.0.0.10" nat_ip2 = "10.0.0.11" - self.snat_add_address(nat_ip1) - self.snat_add_address(nat_ip2) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg2.sw_if_index, - is_inside=0) + self.nat44_add_address(nat_ip1) + self.nat44_add_address(nat_ip2) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg2.sw_if_index, + is_inside=0) # first VRF pkts = self.create_stream_in(self.pg0, self.pg2) 
@@ -1752,7 +1754,7 @@ class TestSNAT(MethodHolder): self.verify_capture_out(capture, nat_ip1) def test_dynamic_ipless_interfaces(self): - """ SNAT interfaces without configured ip dynamic map """ + """ NAT44 interfaces without configured IP address """ self.vapi.ip_neighbor_add_del(self.pg7.sw_if_index, self.pg7.remote_mac, @@ -1772,10 +1774,10 @@ class TestSNAT(MethodHolder): next_hop_address=self.pg8.remote_ip4n, next_hop_sw_if_index=self.pg8.sw_if_index) - self.snat_add_address(self.snat_addr) - self.vapi.snat_interface_add_del_feature(self.pg7.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg8.sw_if_index, - is_inside=0) + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_interface_add_del_feature(self.pg7.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg8.sw_if_index, + is_inside=0) # in2out pkts = self.create_stream_in(self.pg7, self.pg8) @@ -1786,7 +1788,7 @@ class TestSNAT(MethodHolder): self.verify_capture_out(capture) # out2in - pkts = self.create_stream_out(self.pg8, self.snat_addr) + pkts = self.create_stream_out(self.pg8, self.nat_addr) self.pg8.add_stream(pkts) self.pg_enable_capture(self.pg_interfaces) self.pg_start() @@ -1794,7 +1796,7 @@ class TestSNAT(MethodHolder): self.verify_capture_in(capture, self.pg7) def test_static_ipless_interfaces(self): - """ SNAT 1:1 NAT interfaces without configured ip """ + """ NAT44 interfaces without configured IP address - 1:1 NAT """ self.vapi.ip_neighbor_add_del(self.pg7.sw_if_index, self.pg7.remote_mac, 
@@ -1814,10 +1816,10 @@ class TestSNAT(MethodHolder): next_hop_address=self.pg8.remote_ip4n, next_hop_sw_if_index=self.pg8.sw_if_index) - self.snat_add_static_mapping(self.pg7.remote_ip4, self.snat_addr) - self.vapi.snat_interface_add_del_feature(self.pg7.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg8.sw_if_index, - is_inside=0) + self.nat44_add_static_mapping(self.pg7.remote_ip4, self.nat_addr) + self.vapi.nat44_interface_add_del_feature(self.pg7.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg8.sw_if_index, + is_inside=0) # out2in pkts = self.create_stream_out(self.pg8) @@ -1833,10 +1835,10 @@ class TestSNAT(MethodHolder): self.pg_enable_capture(self.pg_interfaces) self.pg_start() capture = self.pg8.get_capture(len(pkts)) - self.verify_capture_out(capture, self.snat_addr, True) + self.verify_capture_out(capture, self.nat_addr, True) def test_static_with_port_ipless_interfaces(self): - """ SNAT 1:1 NAT with port interfaces without configured ip """ + """ NAT44 interfaces without configured IP address - 1:1 NAPT """ self.tcp_port_out = 30606 self.udp_port_out = 30607 
@@ -1860,19 +1862,19 @@ class TestSNAT(MethodHolder): next_hop_address=self.pg8.remote_ip4n, next_hop_sw_if_index=self.pg8.sw_if_index) - self.snat_add_address(self.snat_addr) - self.snat_add_static_mapping(self.pg7.remote_ip4, self.snat_addr, - self.tcp_port_in, self.tcp_port_out, - proto=IP_PROTOS.tcp) - self.snat_add_static_mapping(self.pg7.remote_ip4, self.snat_addr, - self.udp_port_in, self.udp_port_out, - proto=IP_PROTOS.udp) - self.snat_add_static_mapping(self.pg7.remote_ip4, self.snat_addr, - self.icmp_id_in, self.icmp_id_out, - proto=IP_PROTOS.icmp) - self.vapi.snat_interface_add_del_feature(self.pg7.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg8.sw_if_index, - is_inside=0) + self.nat44_add_address(self.nat_addr) + self.nat44_add_static_mapping(self.pg7.remote_ip4, self.nat_addr, + self.tcp_port_in, self.tcp_port_out, + proto=IP_PROTOS.tcp) + self.nat44_add_static_mapping(self.pg7.remote_ip4, self.nat_addr, + self.udp_port_in, self.udp_port_out, + proto=IP_PROTOS.udp) + self.nat44_add_static_mapping(self.pg7.remote_ip4, self.nat_addr, + self.icmp_id_in, self.icmp_id_out, + proto=IP_PROTOS.icmp) + self.vapi.nat44_interface_add_del_feature(self.pg7.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg8.sw_if_index, + is_inside=0) # out2in pkts = self.create_stream_out(self.pg8) @@ -1893,10 +1895,10 @@ class TestSNAT(MethodHolder): def test_static_unknown_proto(self): """ 1:1 NAT translate packet with unknown protocol """ nat_ip = "10.0.0.10" - self.snat_add_static_mapping(self.pg0.remote_ip4, nat_ip) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.nat44_add_static_mapping(self.pg0.remote_ip4, nat_ip) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) # in2out p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / 
@@ -1947,11 +1949,11 @@ class TestSNAT(MethodHolder): host_nat_ip = "10.0.0.10" server_nat_ip = "10.0.0.11" - self.snat_add_static_mapping(host.ip4, host_nat_ip) - self.snat_add_static_mapping(server.ip4, server_nat_ip) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.nat44_add_static_mapping(host.ip4, host_nat_ip) + self.nat44_add_static_mapping(server.ip4, server_nat_ip) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) # host to server p = (Ether(dst=self.pg0.local_mac, src=host.mac) / @@ -1994,11 +1996,11 @@ class TestSNAT(MethodHolder): raise def test_unknown_proto(self): - """ SNAT translate packet with unknown protocol """ - self.snat_add_address(self.snat_addr) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + """ NAT44 translate packet with unknown protocol """ + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) # in2out p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / @@ -2020,7 +2022,7 @@ class TestSNAT(MethodHolder): p = self.pg1.get_capture(1) packet = p[0] try: - self.assertEqual(packet[IP].src, self.snat_addr) + self.assertEqual(packet[IP].src, self.nat_addr) self.assertEqual(packet[IP].dst, self.pg1.remote_ip4) self.assertTrue(packet.haslayer(GRE)) self.check_ip_checksum(packet) @@ -2030,7 +2032,7 @@ class TestSNAT(MethodHolder): # out2in p = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) / - IP(src=self.pg1.remote_ip4, dst=self.snat_addr) / + IP(src=self.pg1.remote_ip4, dst=self.nat_addr) / GRE() / IP(src=self.pg3.remote_ip4, dst=self.pg2.remote_ip4) / TCP(sport=1234, dport=1234)) 
@@ -2049,7 +2051,7 @@ class TestSNAT(MethodHolder): raise def test_hairpinning_unknown_proto(self): - """ SNAT translate packet with unknown protocol - hairpinning """ + """ NAT44 translate packet with unknown protocol - hairpinning """ host = self.pg0.remote_hosts[0] server = self.pg0.remote_hosts[1] host_in_port = 1234 @@ -2058,13 +2060,13 @@ class TestSNAT(MethodHolder): server_out_port = 8765 server_nat_ip = "10.0.0.11" - self.snat_add_address(self.snat_addr) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) # add static mapping for server - self.snat_add_static_mapping(server.ip4, server_nat_ip) + self.nat44_add_static_mapping(server.ip4, server_nat_ip) # host to server p = (Ether(src=host.mac, dst=self.pg0.local_mac) / @@ -2086,7 +2088,7 @@ class TestSNAT(MethodHolder): p = self.pg0.get_capture(1) packet = p[0] try: - self.assertEqual(packet[IP].src, self.snat_addr) + self.assertEqual(packet[IP].src, self.nat_addr) self.assertEqual(packet[IP].dst, server.ip4) self.assertTrue(packet.haslayer(GRE)) self.check_ip_checksum(packet) @@ -2096,7 +2098,7 @@ class TestSNAT(MethodHolder): # server to host p = (Ether(dst=self.pg0.local_mac, src=server.mac) / - IP(src=server.ip4, dst=self.snat_addr) / + IP(src=server.ip4, dst=self.nat_addr) / GRE() / IP(src=self.pg3.remote_ip4, dst=self.pg2.remote_ip4) / TCP(sport=1234, dport=1234)) 
@@ -2115,11 +2117,11 @@ class TestSNAT(MethodHolder): raise def test_output_feature(self): - """ S-NAT interface output feature (in2out postrouting) """ - self.snat_add_address(self.snat_addr) - self.vapi.snat_interface_add_del_output_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_output_feature(self.pg1.sw_if_index, - is_inside=0) + """ NAT44 interface output feature (in2out postrouting) """ + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_interface_add_del_output_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_output_feature(self.pg1.sw_if_index, + is_inside=0) # in2out pkts = self.create_stream_in(self.pg0, self.pg1) @@ -2138,7 +2140,7 @@ class TestSNAT(MethodHolder): self.verify_capture_in(capture, self.pg0) def test_output_feature_vrf_aware(self): - """ S-NAT interface output feature VRF aware (in2out postrouting) """ + """ NAT44 interface output feature VRF aware (in2out postrouting) """ nat_ip_vrf10 = "10.0.0.10" nat_ip_vrf20 = "10.0.0.20" @@ -2153,12 +2155,12 @@ class TestSNAT(MethodHolder): next_hop_sw_if_index=self.pg3.sw_if_index, table_id=20) - self.snat_add_address(nat_ip_vrf10, vrf_id=10) - self.snat_add_address(nat_ip_vrf20, vrf_id=20) - self.vapi.snat_interface_add_del_output_feature(self.pg4.sw_if_index) - self.vapi.snat_interface_add_del_output_feature(self.pg6.sw_if_index) - self.vapi.snat_interface_add_del_output_feature(self.pg3.sw_if_index, - is_inside=0) + self.nat44_add_address(nat_ip_vrf10, vrf_id=10) + self.nat44_add_address(nat_ip_vrf20, vrf_id=20) + self.vapi.nat44_interface_add_del_output_feature(self.pg4.sw_if_index) + self.vapi.nat44_interface_add_del_output_feature(self.pg6.sw_if_index) + self.vapi.nat44_interface_add_del_output_feature(self.pg3.sw_if_index, + is_inside=0) # in2out VRF 10 pkts = self.create_stream_in(self.pg4, self.pg3) 
@@ -2193,7 +2195,7 @@ class TestSNAT(MethodHolder): self.verify_capture_in(capture, self.pg6) def test_output_feature_hairpinning(self): - """ S-NAT interface output feature hairpinning (in2out postrouting) """ + """ NAT44 interface output feature hairpinning (in2out postrouting) """ host = self.pg0.remote_hosts[0] server = self.pg0.remote_hosts[1] host_in_port = 1234 @@ -2201,19 +2203,19 @@ class TestSNAT(MethodHolder): server_in_port = 5678 server_out_port = 8765 - self.snat_add_address(self.snat_addr) - self.vapi.snat_interface_add_del_output_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_output_feature(self.pg1.sw_if_index, - is_inside=0) + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_interface_add_del_output_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_output_feature(self.pg1.sw_if_index, + is_inside=0) # add static mapping for server - self.snat_add_static_mapping(server.ip4, self.snat_addr, - server_in_port, server_out_port, - proto=IP_PROTOS.tcp) + self.nat44_add_static_mapping(server.ip4, self.nat_addr, + server_in_port, server_out_port, + proto=IP_PROTOS.tcp) # send packet from host to server p = (Ether(src=host.mac, dst=self.pg0.local_mac) / - IP(src=host.ip4, dst=self.snat_addr) / + IP(src=host.ip4, dst=self.nat_addr) / TCP(sport=host_in_port, dport=server_out_port)) self.pg0.add_stream(p) self.pg_enable_capture(self.pg_interfaces) @@ -2223,7 +2225,7 @@ class TestSNAT(MethodHolder): try: ip = p[IP] tcp = p[TCP] - self.assertEqual(ip.src, self.snat_addr) + self.assertEqual(ip.src, self.nat_addr) self.assertEqual(ip.dst, server.ip4) self.assertNotEqual(tcp.sport, host_in_port) self.assertEqual(tcp.dport, server_in_port) 
@@ -2235,7 +2237,7 @@ class TestSNAT(MethodHolder): # send reply from server to host p = (Ether(src=server.mac, dst=self.pg0.local_mac) / - IP(src=server.ip4, dst=self.snat_addr) / + IP(src=server.ip4, dst=self.nat_addr) / TCP(sport=server_in_port, dport=host_out_port)) self.pg0.add_stream(p) self.pg_enable_capture(self.pg_interfaces) @@ -2245,7 +2247,7 @@ class TestSNAT(MethodHolder): try: ip = p[IP] tcp = p[TCP] - self.assertEqual(ip.src, self.snat_addr) + self.assertEqual(ip.src, self.nat_addr) self.assertEqual(ip.dst, host.ip4) self.assertEqual(tcp.sport, server_out_port) self.assertEqual(tcp.dport, host_in_port) @@ -2255,10 +2257,10 @@ class TestSNAT(MethodHolder): raise def tearDown(self): - super(TestSNAT, self).tearDown() + super(TestNAT44, self).tearDown() if not self.vpp_dead: - self.logger.info(self.vapi.cli("show snat verbose")) - self.clear_snat() + self.logger.info(self.vapi.cli("show nat44 verbose")) + self.clear_nat44() class TestDeterministicNAT(MethodHolder): @@ -2267,7 +2269,7 @@ class TestDeterministicNAT(MethodHolder): @classmethod def setUpConstants(cls): super(TestDeterministicNAT, cls).setUpConstants() - cls.vpp_cmdline.extend(["snat", "{", "deterministic", "}"]) + cls.vpp_cmdline.extend(["nat", "{", "deterministic", "}"]) @classmethod def setUpClass(cls): @@ -2279,7 +2281,7 @@ class TestDeterministicNAT(MethodHolder): cls.udp_port_in = 6304 cls.udp_external_port = 6304 cls.icmp_id_in = 6305 - cls.snat_addr = '10.0.0.3' + cls.nat_addr = '10.0.0.3' cls.create_pg_interfaces(range(3)) cls.interfaces = list(cls.pg_interfaces) 
@@ -2330,11 +2332,11 @@ class TestDeterministicNAT(MethodHolder): Create packet stream for outside network :param out_if: Outside interface - :param dst_ip: Destination IP address (Default use global SNAT address) + :param dst_ip: Destination IP address (Default use global NAT address) :param ttl: TTL of generated packets """ if dst_ip is None: - dst_ip = self.snat_addr + dst_ip = self.nat_addr pkts = [] # TCP p = (Ether(dst=out_if.local_mac, src=out_if.remote_mac) / @@ -2361,12 +2363,12 @@ class TestDeterministicNAT(MethodHolder): Verify captured packets on outside network :param capture: Captured packets - :param nat_ip: Translated IP address (Default use global SNAT address) + :param nat_ip: Translated IP address (Default use global NAT address) :param same_port: Sorce port number is not translated (Default False) :param packet_num: Expected number of packets (Default 3) """ if nat_ip is None: - nat_ip = self.snat_addr + nat_ip = self.nat_addr self.assertEqual(packet_num, len(capture)) for packet in capture: try: @@ -2404,7 +2406,7 @@ class TestDeterministicNAT(MethodHolder): # SYN + ACK packet out->in p = (Ether(src=out_if.remote_mac, dst=out_if.local_mac) / - IP(src=out_if.remote_ip4, dst=self.snat_addr) / + IP(src=out_if.remote_ip4, dst=self.nat_addr) / TCP(sport=self.tcp_external_port, dport=self.tcp_port_out, flags="SA")) out_if.add_stream(p) @@ -2442,7 +2444,7 @@ class TestDeterministicNAT(MethodHolder): self.assertEqual(self.pg0.remote_ip4n, record[8]) def test_deterministic_mode(self): - """ S-NAT run deterministic mode """ + """ NAT plugin run deterministic mode """ in_addr = '172.16.255.0' out_addr = '172.17.255.50' in_addr_t = '172.16.255.20' 
@@ -2452,17 +2454,17 @@ class TestDeterministicNAT(MethodHolder): in_plen = 24 out_plen = 32 - snat_config = self.vapi.snat_show_config() - self.assertEqual(1, snat_config.deterministic) + nat_config = self.vapi.nat_show_config() + self.assertEqual(1, nat_config.deterministic) - self.vapi.snat_add_det_map(in_addr_n, in_plen, out_addr_n, out_plen) + self.vapi.nat_det_add_del_map(in_addr_n, in_plen, out_addr_n, out_plen) - rep1 = self.vapi.snat_det_forward(in_addr_t_n) + rep1 = self.vapi.nat_det_forward(in_addr_t_n) self.assertEqual(rep1.out_addr[:4], out_addr_n) - rep2 = self.vapi.snat_det_reverse(out_addr_n, rep1.out_port_hi) + rep2 = self.vapi.nat_det_reverse(out_addr_n, rep1.out_port_hi) self.assertEqual(rep2.in_addr[:4], in_addr_t_n) - deterministic_mappings = self.vapi.snat_det_map_dump() + deterministic_mappings = self.vapi.nat_det_map_dump() self.assertEqual(len(deterministic_mappings), 1) dsm = deterministic_mappings[0] self.assertEqual(in_addr_n, dsm.in_addr[:4]) 
@@ -2470,20 +2472,20 @@ class TestDeterministicNAT(MethodHolder): self.assertEqual(out_addr_n, dsm.out_addr[:4]) self.assertEqual(out_plen, dsm.out_plen) - self.clear_snat() - deterministic_mappings = self.vapi.snat_det_map_dump() + self.clear_nat_det() + deterministic_mappings = self.vapi.nat_det_map_dump() self.assertEqual(len(deterministic_mappings), 0) def test_set_timeouts(self): """ Set deterministic NAT timeouts """ - timeouts_before = self.vapi.snat_det_get_timeouts() + timeouts_before = self.vapi.nat_det_get_timeouts() - self.vapi.snat_det_set_timeouts(timeouts_before.udp + 10, - timeouts_before.tcp_established + 10, - timeouts_before.tcp_transitory + 10, - timeouts_before.icmp + 10) + self.vapi.nat_det_set_timeouts(timeouts_before.udp + 10, + timeouts_before.tcp_established + 10, + timeouts_before.tcp_transitory + 10, + timeouts_before.icmp + 10) - timeouts_after = self.vapi.snat_det_get_timeouts() + timeouts_after = self.vapi.nat_det_get_timeouts() self.assertNotEqual(timeouts_before.udp, timeouts_after.udp) self.assertNotEqual(timeouts_before.icmp, timeouts_after.icmp) @@ -2493,17 +2495,17 @@ class TestDeterministicNAT(MethodHolder): timeouts_after.tcp_transitory) def test_det_in(self): - """ CGNAT translation test (TCP, UDP, ICMP) """ + """ Deterministic NAT translation test (TCP, UDP, ICMP) """ nat_ip = "10.0.0.10" - self.vapi.snat_add_det_map(self.pg0.remote_ip4n, - 32, - socket.inet_aton(nat_ip), - 32) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.vapi.nat_det_add_del_map(self.pg0.remote_ip4n, + 32, + socket.inet_aton(nat_ip), + 32) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) # in2out pkts = self.create_stream_in(self.pg0, self.pg1) 
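Review bot: test_set_timeouts only asserts that each timeout differs from its previous value (`self.assertNotEqual(timeouts_before.udp, timeouts_after.udp)` and the lines after it). It would still pass if `nat_det_set_timeouts` stored the wrong value or assigned the arguments to the wrong fields. Since the test requests `before + 10` for every field, each check can pin the exact result, for example `self.assertEqual(timeouts_before.udp + 10, timeouts_after.udp)`, and likewise for tcp_established, tcp_transitory and icmp. The last of these assertions falls in the next hunk.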
@@ -2522,7 +2524,7 @@ class TestDeterministicNAT(MethodHolder): self.verify_capture_in(capture, self.pg0) # session dump test - sessions = self.vapi.snat_det_session_dump(self.pg0.remote_ip4n) + sessions = self.vapi.nat_det_session_dump(self.pg0.remote_ip4n) self.assertEqual(len(sessions), 3) # TCP session @@ -2546,7 +2548,7 @@ class TestDeterministicNAT(MethodHolder): self.assertEqual(s.out_port, self.icmp_external_id) def test_multiple_users(self): - """ CGNAT multiple users """ + """ Deterministic NAT multiple users """ nat_ip = "10.0.0.10" port_in = 80 @@ -2555,13 +2557,13 @@ class TestDeterministicNAT(MethodHolder): host0 = self.pg0.remote_hosts[0] host1 = self.pg0.remote_hosts[1] - self.vapi.snat_add_det_map(host0.ip4n, - 24, - socket.inet_aton(nat_ip), - 32) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + self.vapi.nat_det_add_del_map(host0.ip4n, + 24, + socket.inet_aton(nat_ip), + 32) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) # host0 to out p = (Ether(src=host0.mac, dst=self.pg0.local_mac) / @@ -2603,7 +2605,7 @@ class TestDeterministicNAT(MethodHolder): self.logger.error(ppp("Unexpected or invalid packet:", p)) raise - dms = self.vapi.snat_det_map_dump() + dms = self.vapi.nat_det_map_dump() self.assertEqual(1, len(dms)) self.assertEqual(2, dms[0].ses_num) 
@@ -2648,29 +2650,29 @@ class TestDeterministicNAT(MethodHolder): raise # session close api test - self.vapi.snat_det_close_session_out(socket.inet_aton(nat_ip), - port_out1, - self.pg1.remote_ip4n, - external_port) - dms = self.vapi.snat_det_map_dump() - self.assertEqual(dms[0].ses_num, 1) - - self.vapi.snat_det_close_session_in(host0.ip4n, - port_in, + self.vapi.nat_det_close_session_out(socket.inet_aton(nat_ip), + port_out1, self.pg1.remote_ip4n, external_port) - dms = self.vapi.snat_det_map_dump() + dms = self.vapi.nat_det_map_dump() + self.assertEqual(dms[0].ses_num, 1) + + self.vapi.nat_det_close_session_in(host0.ip4n, + port_in, + self.pg1.remote_ip4n, + external_port) + dms = self.vapi.nat_det_map_dump() self.assertEqual(dms[0].ses_num, 0) def test_tcp_session_close_detection_in(self): - """ CGNAT TCP session close initiated from inside network """ - self.vapi.snat_add_det_map(self.pg0.remote_ip4n, - 32, - socket.inet_aton(self.snat_addr), - 32) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + """ Deterministic NAT TCP session close from inside network """ + self.vapi.nat_det_add_del_map(self.pg0.remote_ip4n, + 32, + socket.inet_aton(self.nat_addr), + 32) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) self.initiate_tcp_session(self.pg0, self.pg1) 
@@ -2690,14 +2692,14 @@ class TestDeterministicNAT(MethodHolder): # ACK packet out -> in p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) / - IP(src=self.pg1.remote_ip4, dst=self.snat_addr) / + IP(src=self.pg1.remote_ip4, dst=self.nat_addr) / TCP(sport=self.tcp_external_port, dport=self.tcp_port_out, flags="A")) pkts.append(p) # FIN packet out -> in p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) / - IP(src=self.pg1.remote_ip4, dst=self.snat_addr) / + IP(src=self.pg1.remote_ip4, dst=self.nat_addr) / TCP(sport=self.tcp_external_port, dport=self.tcp_port_out, flags="F")) pkts.append(p) @@ -2717,22 +2719,22 @@ class TestDeterministicNAT(MethodHolder): self.pg_start() self.pg1.get_capture(1) - # Check if snat closed the session - dms = self.vapi.snat_det_map_dump() + # Check if deterministic NAT44 closed the session + dms = self.vapi.nat_det_map_dump() self.assertEqual(0, dms[0].ses_num) except: self.logger.error("TCP session termination failed") raise def test_tcp_session_close_detection_out(self): - """ CGNAT TCP session close initiated from outside network """ - self.vapi.snat_add_det_map(self.pg0.remote_ip4n, - 32, - socket.inet_aton(self.snat_addr), - 32) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + """ Deterministic NAT TCP session close from outside network """ + self.vapi.nat_det_add_del_map(self.pg0.remote_ip4n, + 32, + socket.inet_aton(self.nat_addr), + 32) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) self.initiate_tcp_session(self.pg0, self.pg1) 
@@ -2740,7 +2742,7 @@ class TestDeterministicNAT(MethodHolder): try: # FIN packet out -> in p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) / - IP(src=self.pg1.remote_ip4, dst=self.snat_addr) / + IP(src=self.pg1.remote_ip4, dst=self.nat_addr) / TCP(sport=self.tcp_external_port, dport=self.tcp_port_out, flags="F")) self.pg1.add_stream(p) @@ -2771,7 +2773,7 @@ class TestDeterministicNAT(MethodHolder): # ACK packet out -> in p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) / - IP(src=self.pg1.remote_ip4, dst=self.snat_addr) / + IP(src=self.pg1.remote_ip4, dst=self.nat_addr) / TCP(sport=self.tcp_external_port, dport=self.tcp_port_out, flags="A")) self.pg1.add_stream(p) @@ -2779,8 +2781,8 @@ class TestDeterministicNAT(MethodHolder): self.pg_start() self.pg0.get_capture(1) - # Check if snat closed the session - dms = self.vapi.snat_det_map_dump() + # Check if deterministic NAT44 closed the session + dms = self.vapi.nat_det_map_dump() self.assertEqual(0, dms[0].ses_num) except: self.logger.error("TCP session termination failed") 
@@ -2788,17 +2790,17 @@ class TestDeterministicNAT(MethodHolder): @unittest.skipUnless(running_extended_tests(), "part of extended tests") def test_session_timeout(self): - """ CGNAT session timeouts """ - self.vapi.snat_add_det_map(self.pg0.remote_ip4n, - 32, - socket.inet_aton(self.snat_addr), - 32) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + """ Deterministic NAT session timeouts """ + self.vapi.nat_det_add_del_map(self.pg0.remote_ip4n, + 32, + socket.inet_aton(self.nat_addr), + 32) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) self.initiate_tcp_session(self.pg0, self.pg1) - self.vapi.snat_det_set_timeouts(5, 5, 5, 5) + self.vapi.nat_det_set_timeouts(5, 5, 5, 5) pkts = self.create_stream_in(self.pg0, self.pg1) self.pg0.add_stream(pkts) self.pg_enable_capture(self.pg_interfaces) 
@@ -2806,24 +2808,24 @@ class TestDeterministicNAT(MethodHolder): capture = self.pg1.get_capture(len(pkts)) sleep(15) - dms = self.vapi.snat_det_map_dump() + dms = self.vapi.nat_det_map_dump() self.assertEqual(0, dms[0].ses_num) @unittest.skipUnless(running_extended_tests(), "part of extended tests") def test_session_limit_per_user(self): - """ CGNAT maximum 1000 sessions per user should be created """ - self.vapi.snat_add_det_map(self.pg0.remote_ip4n, - 32, - socket.inet_aton(self.snat_addr), - 32) - self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) - self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, - is_inside=0) + """ Deterministic NAT maximum sessions per user limit """ + self.vapi.nat_det_add_del_map(self.pg0.remote_ip4n, + 32, + socket.inet_aton(self.nat_addr), + 32) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) self.vapi.set_ipfix_exporter(collector_address=self.pg2.remote_ip4n, src_address=self.pg2.local_ip4n, path_mtu=512, template_interval=10) - self.vapi.snat_ipfix() + self.vapi.nat_ipfix() pkts = [] for port in range(1025, 2025): @@ -2857,7 +2859,7 @@ class TestDeterministicNAT(MethodHolder): self.assertEqual(inner_ip[UDPerror].sport, 3001) self.assertEqual(inner_ip[UDPerror].dport, 3002) - dms = self.vapi.snat_det_map_dump() + dms = self.vapi.nat_det_map_dump() self.assertEqual(1000, dms[0].ses_num) 
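Review bot: The reworded docstring of `test_session_limit_per_user` no longer states the limit the test enforces, while the body still hard-codes it: the loop sends from `range(1025, 2025)` and the following hunk asserts `self.assertEqual(1000, dms[0].ses_num)`. Since this test guards the per-user session cap, keep the figure visible, e.g. `""" Deterministic NAT maximum 1000 sessions per user """`. Alternatively, bind it once as `max_sessions = 1000` and derive both the port range and the assertion from it. The method body continues past the end of this hunk.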
@@ -2877,31 +2879,31 @@ class TestDeterministicNAT(MethodHolder): data = ipfix.decode_data_set(p.getlayer(Set)) self.verify_ipfix_max_entries_per_user(data) - def clear_snat(self): + def clear_nat_det(self): """ - Clear SNAT configuration. + Clear deterministic NAT configuration. """ - self.vapi.snat_ipfix(enable=0) - self.vapi.snat_det_set_timeouts() - deterministic_mappings = self.vapi.snat_det_map_dump() + self.vapi.nat_ipfix(enable=0) + self.vapi.nat_det_set_timeouts() + deterministic_mappings = self.vapi.nat_det_map_dump() for dsm in deterministic_mappings: - self.vapi.snat_add_det_map(dsm.in_addr, - dsm.in_plen, - dsm.out_addr, - dsm.out_plen, - is_add=0) + self.vapi.nat_det_add_del_map(dsm.in_addr, + dsm.in_plen, + dsm.out_addr, + dsm.out_plen, + is_add=0) - interfaces = self.vapi.snat_interface_dump() + interfaces = self.vapi.nat44_interface_dump() for intf in interfaces: - self.vapi.snat_interface_add_del_feature(intf.sw_if_index, - intf.is_inside, - is_add=0) + self.vapi.nat44_interface_add_del_feature(intf.sw_if_index, + intf.is_inside, + is_add=0) def tearDown(self): super(TestDeterministicNAT, self).tearDown() if not self.vpp_dead: - self.logger.info(self.vapi.cli("show snat detail")) - self.clear_snat() + self.logger.info(self.vapi.cli("show nat44 detail")) + self.clear_nat_det() class TestNAT64(MethodHolder): diff --git a/test/vpp_papi_provider.py b/test/vpp_papi_provider.py index 95de0be6..61db4d6b 100644 --- a/test/vpp_papi_provider.py +++ b/test/vpp_papi_provider.py 
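Review bot: `clear_nat_det` resets the timeouts with a bare `self.vapi.nat_det_set_timeouts()`, so the values restored are whatever the wrapper's keyword defaults are (visible further down in `nat_det_set_timeouts`), and nothing in the method says so. A comment such as `# no args: fall back to the wrapper's default timeouts` would make that dependency explicit. The docstring could also list what is reset: IPFIX logging, timeouts, deterministic mappings, and the NAT44 interface features removed through the `nat44_` calls, which the `_det` name does not suggest.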
@@ -1061,41 +1061,41 @@ class VppPapiProvider(object): 'mt_next_hop_table_id': next_hop_table_id, 'mt_next_hop_out_label_stack': next_hop_out_label_stack}) - def snat_interface_add_del_feature( + def nat44_interface_add_del_feature( self, sw_if_index, is_inside=1, is_add=1): - """Enable/disable S-NAT feature on the interface + """Enable/disable NAT44 feature on the interface :param sw_if_index: Software index of the interface :param is_inside: 1 if inside, 0 if outside (Default value = 1) :param is_add: 1 if add, 0 if delete (Default value = 1) """ return self.api( - self.papi.snat_interface_add_del_feature, + self.papi.nat44_interface_add_del_feature, {'is_add': is_add, 'is_inside': is_inside, 'sw_if_index': sw_if_index}) - def snat_interface_add_del_output_feature( + def nat44_interface_add_del_output_feature( self, sw_if_index, is_inside=1, is_add=1): - """Enable/disable S-NAT output feature on the interface + """Enable/disable NAT44 output feature on the interface :param sw_if_index: Software index of the interface :param is_inside: 1 if inside, 0 if outside (Default value = 1) :param is_add: 1 if add, 0 if delete (Default value = 1) """ return self.api( - self.papi.snat_interface_add_del_output_feature, + self.papi.nat44_interface_add_del_output_feature, {'is_add': is_add, 'is_inside': is_inside, 'sw_if_index': sw_if_index}) - def snat_add_static_mapping( + def nat44_add_del_static_mapping( self, local_ip, external_ip=0, @@ -1105,9 +1105,8 @@ class VppPapiProvider(object): addr_only=1, vrf_id=0, protocol=0, - is_add=1, - is_ip4=1): - """Add/delete S-NAT static mapping + is_add=1): + """Add/delete NAT44 static mapping :param local_ip: Local IP address :param external_ip: External IP address 
@@ -1118,12 +1117,10 @@ class VppPapiProvider(object): :param vrf_id: VRF ID :param protocol: IP protocol (Default value = 0) :param is_add: 1 if add, 0 if delete (Default value = 1) - :param is_ip4: 1 if address type is IPv4 (Default value = 1) """ return self.api( - self.papi.snat_add_static_mapping, + self.papi.nat44_add_del_static_mapping, {'is_add': is_add, - 'is_ip4': is_ip4, 'addr_only': addr_only, 'local_ip_address': local_ip, 'external_ip_address': external_ip, 
@@ -1133,100 +1130,96 @@ class VppPapiProvider(object): 'vrf_id': vrf_id, 'protocol': protocol}) - def snat_add_address_range( + def nat44_add_del_address_range( self, first_ip_address, last_ip_address, is_add=1, - is_ip4=1, vrf_id=0xFFFFFFFF): - """Add/del S-NAT address range + """Add/del NAT44 address range :param first_ip_address: First IP address :param last_ip_address: Last IP address :param vrf_id: VRF id for the address range :param is_add: 1 if add, 0 if delete (Default value = 1) - :param is_ip4: 1 if address type is IPv4 (Default value = 1) """ return self.api( - self.papi.snat_add_address_range, - {'is_ip4': is_ip4, - 'first_ip_address': first_ip_address, + self.papi.nat44_add_del_address_range, + {'first_ip_address': first_ip_address, 'last_ip_address': last_ip_address, 'vrf_id': vrf_id, 'is_add': is_add}) - def snat_address_dump(self): - """Dump S-NAT addresses - :return: Dictionary of S-NAT addresses + def nat44_address_dump(self): + """Dump NAT44 addresses + :return: Dictionary of NAT44 addresses """ - return self.api(self.papi.snat_address_dump, {}) + return self.api(self.papi.nat44_address_dump, {}) - def snat_interface_dump(self): - """Dump interfaces with S-NAT feature - :return: Dictionary of interfaces with S-NAT feature + def nat44_interface_dump(self): + """Dump interfaces with NAT44 feature + :return: Dictionary of interfaces with NAT44 feature """ - return self.api(self.papi.snat_interface_dump, {}) + return self.api(self.papi.nat44_interface_dump, {}) - def snat_interface_output_feature_dump(self): - """Dump interfaces with S-NAT output feature - :return: Dictionary of interfaces with S-NAT output feature + def nat44_interface_output_feature_dump(self): + """Dump interfaces with NAT44 output feature + :return: Dictionary of interfaces with NAT44 output feature """ - return self.api(self.papi.snat_interface_output_feature_dump, {}) + return self.api(self.papi.nat44_interface_output_feature_dump, {}) - def snat_static_mapping_dump(self): - 
"""Dump S-NAT static mappings - :return: Dictionary of S-NAT static mappings + def nat44_static_mapping_dump(self): + """Dump NAT44 static mappings + :return: Dictionary of NAT44 static mappings """ - return self.api(self.papi.snat_static_mapping_dump, {}) + return self.api(self.papi.nat44_static_mapping_dump, {}) - def snat_show_config(self): - """Show S-NAT config - :return: S-NAT config parameters + def nat_show_config(self): + """Show NAT plugin config + :return: NAT plugin config parameters """ - return self.api(self.papi.snat_show_config, {}) + return self.api(self.papi.nat_show_config, {}) - def snat_add_interface_addr( + def nat44_add_interface_addr( self, sw_if_index, is_add=1): - """Add/del S-NAT address from interface + """Add/del NAT44 address from interface :param sw_if_index: Software index of the interface :param is_add: 1 if add, 0 if delete (Default value = 1) """ - return self.api(self.papi.snat_add_del_interface_addr, + return self.api(self.papi.nat44_add_del_interface_addr, {'is_add': is_add, 'sw_if_index': sw_if_index}) - def snat_interface_addr_dump(self): - """Dump S-NAT addresses interfaces - :return: Dictionary of S-NAT addresses interfaces + def nat44_interface_addr_dump(self): + """Dump NAT44 addresses interfaces + :return: Dictionary of NAT44 addresses interfaces """ - return self.api(self.papi.snat_interface_addr_dump, {}) + return self.api(self.papi.nat44_interface_addr_dump, {}) - def snat_ipfix( + def nat_ipfix( self, domain_id=1, src_port=4739, enable=1): - """Enable/disable S-NAT IPFIX logging + """Enable/disable NAT IPFIX logging :param domain_id: Observation domain ID (Default value = 1) :param src_port: Source port number (Default value = 4739) :param enable: 1 if enable, 0 if disable (Default value = 1) """ return self.api( - self.papi.snat_ipfix_enable_disable, + self.papi.nat_ipfix_enable_disable, {'domain_id': domain_id, 'src_port': src_port, 'enable': enable}) - def snat_user_session_dump( + def nat44_user_session_dump( 
self, ip_address, - vrf_id, - is_ip4=1): - """Dump S-NAT user's sessions + vrf_id): + """Dump NAT44 user's sessions :param ip_address: ip adress of the user to be dumped :param cpu_index: cpu_index on which the user is @@ -1234,26 +1227,25 @@ class VppPapiProvider(object): :return: Dictionary of S-NAT sessions """ return self.api( - self.papi.snat_user_session_dump, + self.papi.nat44_user_session_dump, {'ip_address': ip_address, - 'vrf_id': vrf_id, - 'is_ip4': is_ip4}) + 'vrf_id': vrf_id}) - def snat_user_dump(self): - """Dump S-NAT users + def nat44_user_dump(self): + """Dump NAT44 users - :return: Dictionary of S-NAT users + :return: Dictionary of NAT44 users """ - return self.api(self.papi.snat_user_dump, {}) + return self.api(self.papi.nat44_user_dump, {}) - def snat_add_det_map( + def nat_det_add_del_map( self, in_addr, in_plen, out_addr, out_plen, is_add=1): - """Add/delete S-NAT deterministic mapping + """Add/delete deterministic NAT mapping :param is_add - 1 if add, 0 if delete :param in_addr - inside IP address @@ -1262,14 +1254,15 @@ class VppPapiProvider(object): :param out_plen - outside IP address prefix length """ return self.api( - self.papi.snat_add_det_map, + self.papi.nat_det_add_del_map, {'is_add': is_add, + 'is_nat44': 1, 'in_addr': in_addr, 'in_plen': in_plen, 'out_addr': out_addr, 'out_plen': out_plen}) - def snat_det_forward( + def nat_det_forward( self, in_addr): """Get outside address and port range from inside address @@ -1277,10 +1270,11 @@ class VppPapiProvider(object): :param in_addr - inside IP address """ return self.api( - self.papi.snat_det_forward, - {'in_addr': in_addr}) + self.papi.nat_det_forward, + {'in_addr': in_addr, + 'is_nat44': 1}) - def snat_det_reverse( + def nat_det_reverse( self, out_addr, out_port): 
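Review bot: Two wrappers in this hunk keep names that do not match the message they send: `nat44_add_interface_addr` calls `self.papi.nat44_add_del_interface_addr`, and `nat_ipfix` calls `self.papi.nat_ipfix_enable_disable`. By contrast, `nat44_add_del_static_mapping` and `nat44_add_del_address_range` were renamed to mirror their messages. Since the rename touches these definitions anyway, consider `def nat44_add_del_interface_addr(` and `def nat_ipfix_enable_disable(` so a search for the API name finds its wrapper. This hunk begins mid-method and ends inside the `nat44_user_session_dump` docstring.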
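Review bot: The `nat44_user_session_dump` docstring was only half updated. With `is_ip4` removed the signature is `(self, ip_address, vrf_id)`, yet the docstring, which starts in the previous hunk, still documents `:param cpu_index:`, and its return line still reads `:return: Dictionary of S-NAT sessions`. Drop the `cpu_index` entry, change the return line to `:return: Dictionary of NAT44 sessions`, and fix the spelling in `:param ip_address: ip address of the user to be dumped`. One docstring line falls between the two hunks and is not shown, so check it as well.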
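Review bot: `'is_nat44': 1` is added as a bare literal in `nat_det_add_del_map` here, and again in `nat_det_forward`, `nat_det_close_session_in` and `nat_det_session_dump`, but `nat_det_reverse` and `nat_det_close_session_out` send no such key. If those two messages also carry an `is_nat44` field, omitting it would presumably leave it at zero and the request would not be handled as NAT44. Please confirm against the message definitions in `nat.api`, then either add the key or note in the docstring that the message has no such field. The four wrappers that do set it should say so in their docstrings, e.g. `NAT44 only: is_nat44 is always sent as 1`. The `nat_det_add_del_map` signature and docstring start in the previous hunk.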
@@ -1290,18 +1284,18 @@ class VppPapiProvider(object): :param out_port - outside port """ return self.api( - self.papi.snat_det_reverse, + self.papi.nat_det_reverse, {'out_addr': out_addr, 'out_port': out_port}) - def snat_det_map_dump(self): - """Dump S-NAT deterministic mappings + def nat_det_map_dump(self): + """Dump deterministic NAT mappings - :return: Dictionary of S-NAT deterministic mappings + :return: Dictionary of deterministic NAT mappings """ - return self.api(self.papi.snat_det_map_dump, {}) + return self.api(self.papi.nat_det_map_dump, {}) - def snat_det_set_timeouts( + def nat_det_set_timeouts( self, udp=300, tcp_established=7440, 
@@ -1315,78 +1309,71 @@ class VppPapiProvider(object): :param icmp - ICMP timeout (Default value = 60) """ return self.api( - self.papi.snat_det_set_timeouts, + self.papi.nat_det_set_timeouts, {'udp': udp, 'tcp_established': tcp_established, 'tcp_transitory': tcp_transitory, 'icmp': icmp}) - def snat_det_get_timeouts(self): + def nat_det_get_timeouts(self): """Get values of timeouts for deterministic NAT :return: Timeouts for deterministic NAT (in seconds) """ - return self.api(self.papi.snat_det_get_timeouts, {}) + return self.api(self.papi.nat_det_get_timeouts, {}) - def snat_det_close_session_out( + def nat_det_close_session_out( self, out_addr, out_port, ext_addr, - ext_port, - is_ip4=1): - """Close CGN session using outside address and port + ext_port): + """Close deterministic NAT session using outside address and port :param out_addr - outside IP address :param out_port - outside port :param ext_addr - external host IP address :param ext_port - external host port - :param is_ip4: 1 if address type is IPv4 (Default value = 1) """ return self.api( - self.papi.snat_det_close_session_out, + self.papi.nat_det_close_session_out, {'out_addr': out_addr, 'out_port': out_port, 'ext_addr': ext_addr, - 'ext_port': ext_port, - 'is_ip4': is_ip4}) + 'ext_port': ext_port}) - def snat_det_close_session_in( + def nat_det_close_session_in( self, in_addr, in_port, ext_addr, - ext_port, - is_ip4=1): - """Close CGN session using inside address and port + ext_port): + """Close deterministic NAT session using inside address and port :param in_addr - inside IP address :param in_port - inside port :param ext_addr - external host IP address :param ext_port - external host port - :param is_ip4: 1 if address type is IPv4 (Default value = 1) """ return self.api( - self.papi.snat_det_close_session_in, + self.papi.nat_det_close_session_in, {'in_addr': in_addr, 'in_port': in_port, 'ext_addr': ext_addr, 'ext_port': ext_port, - 'is_ip4': is_ip4}) + 'is_nat44': 1}) - def snat_det_session_dump( 
+ def nat_det_session_dump( self, - user_addr, - is_ip4=1): - """Dump S-NAT deterministic sessions belonging to a user + user_addr): + """Dump deterministic NAT sessions belonging to a user :param user_addr - inside IP address of the user - :param is_ip4: - 1 if address type is IPv4 (Default value = 1) - :return: Dictionary of S-NAT deterministic sessions + :return: Dictionary of deterministic NAT sessions """ return self.api( - self.papi.snat_det_session_dump, - {'is_ip4': is_ip4, + self.papi.nat_det_session_dump, + {'is_nat44': 1, 'user_addr': user_addr}) def nat64_add_del_pool_addr_range( |